diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 44640c8..76b203d 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -1964,10 +1964,16 @@ if $allow_ftp_request_out ; then
 for _dev in ${ext_if_arr[@]} ; do
 $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
 $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+ # - Allow active FTP connections from local network
+ # -
+ #$ip6t -A INPUT -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
 if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
 $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
 $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
 fi
+ # - Allow active FTP connections from local network
+ # -
+ $ip6t -A FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
 done
 echo_done
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index d55acf2..ccbd2e5 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -2650,10 +2650,16 @@ if $allow_ftp_request_out ; then
 for _dev in ${ext_if_arr[@]} ; do
 $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
 $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+ # - Allow active FTP connections from local network
+ # -
+ #$ipt -A INPUT -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
 if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
 $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
 $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
 fi
+ # - Allow active FTP connections from local network
+ # -
+ $ipt -A FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT
 done
 echo_done
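Review bot: The added `FORWARD -i $_dev -p tcp --sport 20 -m conntrack --ctstate NEW -j ACCEPT` rule in the ip6t-firewall-gateway hunk (and the identical `$ipt` rule in the ipt-firewall-gateway hunk) accepts every new TCP connection that enters an external interface with source port 20, towards any forwarded host and any destination port; the source port is set by the sender, so the match does not confine the rule to FTP data traffic. The rule also sits after the `fi` of the `if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet` guard (`$kernel_activate_forwarding` in the IPv4 file), so it is installed whenever `$allow_ftp_request_out` is true. Active-mode data connections are better tied to a tracked control session, e.g. `$ip6t -A FORWARD -i $_dev -p tcp --sport 20 --dport $unprivports -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT`, which assumes the FTP conntrack helper is loaded and assigned elsewhere in the script (not visible in these hunks). The comment reads "from local network" although the rule matches traffic arriving on `$_dev`, and the commented-out INPUT rule should be removed or given a reason. The enclosing `if $allow_ftp_request_out` block starts and ends outside both hunks.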