1 class ferm::ftp_conntrack {
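2 # Allow non-passive (active-mode) connections to an FTP server: the ftp conntrack helper is attached to the client's control connection (tcp dport 21) so the server's data connection back can be matched as RELATED; this rule only assigns the helper and accepts no traffic by itself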
3 ferm::rule { 'dsa-ftp-conntrack-client':
5 description => 'ftp client connection tracking',
8 rule => 'proto tcp dport 21 CT helper ftp'
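11 # Allow passive connections from an FTP client: the ftp conntrack helper is attached to incoming control connections (tcp dport 21) so the client's data connection to the announced port can be matched as RELATED; this rule only assigns the helper and accepts no traffic by itself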
12 ferm::rule { 'dsa-ftp-conntrack-server':
14 description => 'ftp server connection tracking',
16 chain => 'PREROUTING',
17 rule => 'proto tcp dport 21 CT helper ftp'