[SOLVED] APF Blocking Active FTP

hostingguy
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: APF Blocking Active FTP

What modules are there now?
Is there any extended functionality or new vulnerabilities that we should be aware of?
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: APF Blocking Active FTP

No new vulns. The new modules are all related to firewalling, here is the current list in the next ASL release:

#Load IPv6 module if not already loaded
modprobe ipv6

#core firewalling modules
modprobe ip_tables
modprobe ip6_tables
modprobe iptable_filter
modprobe ip6table_filter
modprobe iptable_nat
modprobe iptable_mangle
modprobe nf_nat

modprobe x_tables # good stuff is in here
modprobe ipt_stealth # stealth drops
modprobe ipt_owner # owner based fw rules.
modprobe ipt_REJECT # icmp reject drops
modprobe ipt_recent # used to track recent connections
modprobe ip6t_REJECT #IPv6 REJECT
modprobe ipt_REDIRECT # redirect traffic
modprobe xt_tcpudp
modprobe xt_conntrack 2> /dev/null
modprobe nf_conntrack # conntrack module
modprobe nf_conntrack_ipv6 # IPv6 conntrack module
modprobe nf_conntrack_ipv4 # IPv4 conntrack module
modprobe nf_conntrack_netbios_ns # CIFS tracking
modprobe nf_conntrack_ftp # FTP module
modprobe nf_nat_ftp # FTP NAT module

modprobe xt_state
modprobe xt_length
modprobe xt_limit
modprobe xt_mac
modprobe xt_physdev
modprobe xt_pkttype
modprobe xt_multiport
modprobe xt_mac
modprobe xt_MARK
modprobe xt_DSCP
modprobe xt_TCPMSS
modprobe xt_mark
modprobe xt_connlimit
modprobe xt_string
modprobe xt_owner
modprobe xt_iprange
modprobe ipt_ECN 2> /dev/null
modprobe ipt_ecn 2> /dev/null
modprobe ipt_LOG

# Load the vpn module
modprobe tun

#Load the fuse module
modprobe fuse

#load cifs
modprobe cifs
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: [SOLVED] APF Blocking Active FTP

Is the code that looks at these part of the ASL kernel package, or is it elsewhere? I'm just thinking that trying to load these in a VPS is going to cause a lot of error messages if they have not been loaded (or are not available) on the hardware node.

Also why load ipv6 modules? Just curious.

Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4155
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: [SOLVED] APF Blocking Active FTP

In case anyone comes to this thread over a year later (cough), this is the current list:

ip_tables
iptable_filter
iptable_nat
iptable_mangle
nf_nat
x_tables
ipt_stealth
ipt_owner
ipt_REJECT
ipt_recent
ipt_REDIRECT
xt_tcpudp
xt_conntrack
nf_conntrack
nf_conntrack_ipv4
nf_conntrack_netbios_ns
nf_conntrack_ftp
nf_conntrack_sane
nf_nat_ftp
xt_state
xt_length
xt_limit
xt_mac
xt_physdev
xt_pkttype
xt_multiport
xt_mac
xt_MARK
xt_DSCP
xt_tcpmss
xt_TCPMSS
xt_mark
xt_connlimit
xt_string
xt_owner
xt_iprange
ipt_ECN
ipt_ecn
ipt_LOG
tun
fuse
cifs
aes_generic
aes_x86_64
twofish_x86_64
twofish_common
sha256_generic
cbc
ecb
dm_crypt
crypto_blkcipher
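
One way to see which names on a list like the one above are not currently loaded, without calling modprobe and generating the errors raised earlier in the thread. This is an added example, not part of the thread and not ASL code; the function names and the sample data are constructed for illustration, and it assumes /proc/modules is readable and reflects the loaded modules in the environment being checked.

```shell
# Added example, not ASL code. Sample data below is constructed.
# /proc/modules format: name size refcount users state address
SAMPLE_PROC_MODULES='nf_conntrack_ftp 20480 0 - Live 0x0000000000000000
nf_conntrack 139264 2 nf_conntrack_ftp,xt_conntrack, Live 0x0000000000000000
xt_conntrack 16384 4 - Live 0x0000000000000000
ip_tables 28672 1 iptable_filter, Live 0x0000000000000000
iptable_filter 16384 1 - Live 0x0000000000000000
x_tables 40960 3 xt_conntrack,ip_tables,iptable_filter, Live 0x0000000000000000'

# Constructed subset of the thread's list, duplicate xt_mac included.
SAMPLE_WANTED='ip_tables
iptable_filter
x_tables
nf_conntrack
nf_conntrack_ftp
nf_nat_ftp
xt_mac
xt_mac
xt_MARK'

# missing_modules WANTED_FILE PROC_MODULES_FILE
# WANTED_FILE holds one module name per line. Prints each wanted module that
# is not in the loaded listing, once, in list order. '-' and '_' are treated
# as the same character, as modprobe does; case is preserved because the list
# carries both xt_MARK and xt_mark as separate entries.
missing_modules() {
    awk '
        NR == FNR { name = $1; gsub(/-/, "_", name); loaded[name] = 1; next }
        $1 == "" || $1 ~ /^#/ { next }
        {
            name = $1; gsub(/-/, "_", name)
            if (!(name in loaded) && !(name in seen)) print name
            seen[name] = 1
        }
    ' "$2" "$1"
}

# Run the check against the constructed samples above.
demo_missing() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_WANTED" > "$tmp/wanted"
    printf '%s\n' "$SAMPLE_PROC_MODULES" > "$tmp/loaded"
    missing_modules "$tmp/wanted" "$tmp/loaded"
    rm -rf "$tmp"
}

demo_missing
```

On a real host the second argument would be /proc/modules. Code compiled into the kernel never appears there, so a name reported by this check means "not loaded as a module", which is not the same as "functionality absent".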