  1. #1
    Just Joined!
    Join Date
    Oct 2010
    Posts
    31

    How to block the ftp packets


    Hi,
    Using layer 7 filtering, how do I block the FTP packets?

    In my router I am going to add the rule below:
    iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP

    Will the above statement work in my router? Kindly help me.

    Regards
    Saravanan G

  2. #2
    Linux Engineer Kloschüssel
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    You block FTP in the OUTPUT chain?!

    If that's what you want, yes, it should work. But you don't need that fancy layer matching. Blocking TCP port 20 should cover a large number of cases as that one is the reserved default FTP port. But you won't be able to block FTP traffic that goes to different ports than the default. Anyone can configure his server as he wants and he is not required to use port 20.
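
Added example, not part of either post: a dry-run script that prints a port-based rule and, optionally, a layer-7 rule for dropping FTP, using FORWARD for traffic routed through the box and OUTPUT for traffic the router itself originates. It assumes the l7-filter `layer7` match and its `ftp` pattern are installed; the function names and the `USE_L7` and `APPLY` variables are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints the rules.
# Assumptions: the box routes client traffic, and for USE_L7=1 the
# l7-filter "layer7" match with its "ftp" pattern is installed.
IPT="${IPT:-iptables}"

# Print the blocking rules for one chain, one command per line.
ftp_block_rules() {
    chain="$1"; use_l7="${2:-0}"
    # Port match: --dports is only valid together with -p tcp.
    # 21 is the FTP control channel, 20 the active-mode data port.
    echo "$IPT -A $chain -p tcp -m multiport --dports 20,21 -j DROP"
    if [ "$use_l7" = "1" ]; then
        # Protocol match: also covers FTP servers on non-default ports.
        echo "$IPT -A $chain -m layer7 --l7proto ftp -j DROP"
    fi
}

# Map where the traffic originates to the chain that sees it.
chain_for() {
    case "$1" in
        routed) echo FORWARD ;;   # LAN clients behind the router
        local)  echo OUTPUT ;;    # processes running on the router itself
        *)      return 1 ;;
    esac
}

# Print the rules for each listed origin; execute them only when APPLY=1.
emit_all() {
    for origin in "$@"; do
        chain=$(chain_for "$origin") || { echo "unknown origin: $origin" >&2; return 2; }
        ftp_block_rules "$chain" "${USE_L7:-0}" | while IFS= read -r rule; do
            echo "$rule"
            if [ "${APPLY:-0}" = "1" ]; then $rule; fi   # needs root
        done
    done
}

emit_all routed local
```

Run it with `USE_L7=1` to include the layer-7 rule and with `APPLY=1` as root to install the rules instead of only printing them.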
