4. tftp proxy, filtering by source and destination

tftp proxy, filtering by source and destination

  • S

    hello

    is there any way to enable the tftp proxy while filtering source and destination addresses.

    ideally, i would like to allow tftp from the whole LAN ( all interfaces : i create those a lot ) to a specific machine. it would seem meanigful to me to enable the tftp proxy in a regular rule or possibly a nat rule

    unfortunately, using the tftp proxy existing feature enables tftp from all hosts to an interface to the world. the rule is an "rdr pass ..." and is located above all other rules including floatings.

    is there an existing way to do this ? or am i wishing for a new feature ?

    i already know how to allow tftp using stateless rules but that does not really fit my bill for various reasons : namely : said rules would allow a one-way udp communication from the tftp server to the lan. that would be acceptable, should the tftp server bind the ports on startup and allow to use ports <1024. unfortunately it cannot be instructed to do so.

    what makes it worse in my case is i use the firewalls tftp server over source ports <1024 to pull some hidden config files that i do not wish to be world readable.

    thanks for your time

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy