Re: Any danger from these ports?
- From: "Charles R. Anderson" <cra WPI EDU>
- To: For testers of Fedora Core development releases <fedora-test-list redhat com>
- Subject: Re: Any danger from these ports?
- Date: Wed, 12 Jan 2005 22:47:05 -0500
On Thu, Jan 13, 2005 at 01:03:18AM +0100, Alexander Dalloz wrote:
> It is much better to use ip_conntrack_ftp iptables helper module and the
> stateful capabilities of iptables (ESTABLISHED,RELATED) rather than to
> "blindly" open a range of high ports. Why use ipchains, which is not
> stateful, when having iptables?

Because the box is a RHL 7.3 box and I was only familiar with ipchains
at the time. Because non-stateful firewalls by their very nature
operate in a simpler manner that is less likely to break. Because I
know nothing besides FTP is using the passive port range I chose.

Note that I did qualify my statements with "If you are not using a
stateful firewall with a FTP helper"...

If I was going to set this up again today, I would probably use what
you suggest.
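
Added example, not part of the original message: a small Python check over `iptables-save` style text that tells the two approaches discussed in this thread apart, a statelessly opened high-port range versus an ESTABLISHED,RELATED rule that relies on the FTP conntrack helper. Both rulesets and the 50000:50100 range are constructed for illustration; the thread does not state the range that was actually used.

```python
import re

# Constructed iptables-save rulesets. The 50000:50100 passive range is a
# placeholder; the thread does not say which range was opened.
STATELESS = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50000:50100 -j ACCEPT
COMMIT
"""
STATEFUL = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT
"""

PORTS = re.compile(r"--dports?\s+(\S+)")
STATES = re.compile(r"--(?:ct)?state\s+(\S+)")

def audit(ruleset):
    """Return a list of findings for INPUT ACCEPT rules."""
    findings, has_related = [], False
    for line in ruleset.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        m = STATES.search(line)
        states = set(m.group(1).split(",")) if m else set()
        if {"ESTABLISHED", "RELATED"} <= states:
            has_related = True
        m = PORTS.search(line)
        if m and not states:
            for spec in m.group(1).split(","):
                _lo, sep, hi = spec.partition(":")
                # "a:b", "a:" and ":b" are all ranges; flag any reaching >1023
                if sep and int(hi or 65535) > 1023:
                    findings.append(f"range {spec} accepted without a state match")
    if not has_related:
        findings.append("no ESTABLISHED,RELATED accept rule")
    return findings

if __name__ == "__main__":
    for name, rules in (("stateless", STATELESS), ("stateful", STATEFUL)):
        print(name, audit(rules) or "ok")
```

The stateful ruleset only admits FTP data connections if the helper module named in the quoted message (ip_conntrack_ftp) is loaded, which this text-level check cannot see.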