Firewalls: Re: Controlling ftp file transfers

Firewalls
(June 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Controlling ftp file transfers
From:	"walt (w.r.) sullivan" <walt @ bnr . ca>
Date:	Thu, 29 Jun 1995 07:54:00 -0400
To:	drjarmon @ hsv20 . pcmail . ingr . com, firewalls @ greatcircle . com
X400-content-type:	P2-1984 (2)
X400-mts-identifier:	[/PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/;bcars520.b.186:29.05.95.11.54.46]
X400-originator:	/dd.id=1597771/g=walt/i=wr/s=sullivan/@bnr.ca
X400-received:	by mta bnr.ca in /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Thu, 29 Jun 1995 07:54:55 -0400
X400-received:	by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Thu, 29 Jun 1995 07:54:46 -0400
X400-received:	by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Thu, 29 Jun 1995 07:54:00 -0400

In a post I saw in firewalls-digest, you write:

> We would like to be able to control ftp file transfers
> using this policy.  Internal nodes can get remote files
> but not put.  Can this be controlled with a Screening
> Router?  Cisco?  Baynetworks? Others?
> 

The Raptor Eagle firewall (not a screeneing router, but ...) lets you
apply "Service Limits" to the rules governing connections. Some of the
Service Limits are: "notelnet", "noftp", "ftp.getonly", "ftp.putonly".
"ftp.getonly" does what you're looking for. See http://www.raptor.com
for more information.

Walt

Walt Sullivan
Bell-Northern Research, Department 4D17
Mail Stop 240, P.O. Box 3511, Station "C"
Ottawa, Ontario, Canada, K1Y 4H7
Phone: (613) 763-7952; FAX: (613) 765-2854

Indexed By Date	Previous:	Re: intelligent/"stateful" packet filter weaknesses From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Date	Next:	Re: intelligent/"stateful" packet filter weaknesses From: Frederick M Avolio <avolio @ TIS . COM>
Indexed By Thread	Previous:	Re: Controlling ftp file transfers From: mcr @ milkyway . com (Michael Richardson)
Indexed By Thread	Next:	Re: Controlling ftp file transfers From: Craig McLellan <mclelcl @ onto . network . com>