# Declares two ferm rules that attach the kernel FTP connection-tracking
# helper to TCP port 21 traffic, and declares the nf_conntrack_ftp module.
# NOTE(review): this listing carries gutter numbers with gaps, so some
# attribute lines and the closing braces of each resource are not visible here.
1 class ferm::ftp_conntrack {
2 # This also works for jessie hosts, but requires a reboot
# Only applied when the LSB major release compares >= 9.
# NOTE(review): presumably needed because newer kernels no longer assign
# conntrack helpers automatically - confirm against the target kernel.
3 if (versioncmp($::lsbmajdistrelease, '9') >= 0) {
4 # Allow non-passive connections to an FTP server
# Client side: the helper is bound to outgoing control connections (dport 21).
# This rule only assigns the helper; accepting the resulting data connection
# depends on a RELATED rule elsewhere in the ruleset (not shown here).
# NOTE(review): the chain/table for this rule are not visible in this listing.
5 ferm::rule { 'dsa-ftp-conntrack-client':
7 description => 'ftp client connection tracking',
10 rule => 'proto tcp dport 21 CT helper ftp'
13 # Allow passive connections from an FTP client
# Server side: same match, applied in PREROUTING to incoming control connections.
# The match is not restricted by source address or interface in the visible
# rule text, so every host including this class tracks FTP on port 21 from any peer.
# The helper parses the cleartext control channel; it cannot follow a
# TLS-protected (FTPS) control connection.
14 ferm::rule { 'dsa-ftp-conntrack-server':
16 description => 'ftp server connection tracking',
18 chain => 'PREROUTING',
19 rule => 'proto tcp dport 21 CT helper ftp'
# Declares the helper's kernel module by name via ferm::module.
# NOTE(review): assumes ferm::module arranges for the module to be loaded - confirm.
22 ferm::module { 'nf_conntrack_ftp': }