Why Won't the FTP Security Server Let Me Use Certain FTP Commands?

[roadrunner]

Why Won't the FTP Security Server Let Me Use Certain FTP Commands?
The following commands are enabled by default:

USER PASS ACCT REIN BYE QUIT BYTE SOCK PASV TYPE STRU MODE PORT RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE LIST NLST SITE MLFL MAIL MSND MSOM MSAM MRSQ MRCP CWD PWD RMD MKD HELP NOOP CDUP SYST XMKD XCWD XRMD XPWD XCUP XMD5 FIND MDTM SIZE MACB FW1C
The list of allowed commands is stored in the property ftp_allowed_cmds, which can be edited with dbedit or by manually editing $FWDIR/conf/objects_5_0.C or $FWDIR/conf/objects.C on the management console. See EditingObjectsDotC for details. You can also edit this property in SmartDefense, available in FireWall-1 NG FP2 with SmartDefense supplement or NG FP3 and later.

Similar changes can also be made on the firewall module itself in FireWall-1 4.1 and earlier. Create the file $FWDIR/conf/aftpd.conf with the following lines:


To allow MACB, add macb=1 to the file.
To allow MAIL, MLFL, MRCP, MRSQ, MSAM, MSND and MSOM, add mail_cmd=1 to the file.
To allow PORT command to known TCP ports, or to IP addresses different from the client's, add port_spoof=1 to the file.
To allow REST, add restart=1 to the file.
To allow SOCK, add sock_cmd=1 to the file.
To allow SITE, add site_cmd=1 to the file.
To allow all other FTP commands, add optimist=1 to the file.
To allow PWD reply with no quotes around the directory name, add pwd_unquoted=1 to the file (only in FireWall-1 4.0 SP6, 4.1 SP1, and later).
-- PhoneBoy - 01 Jan 2004


FAQForm
FAQs.Class: ContentSecurityFAQs
OperatingSystem?:
FAQs.Version: