To strengthen the security of the firewall (we all know that ftp is a challenge for firewall security), I want to enforce that the ftp client establishes only a specific port for data.
My box is an ftp client in terms of ftp communication. I don't need an ftp server on my box (we live in the era of cloud services!), but when I compile from ports, some packages provide only 'oldy' ftp servers for fetch, no https. Assuming that these servers allow active mode, I want my ftp client to establish only a specific port for data and to allow only 20<->thisport communication in ipfw. The manpage says how to force fetch to use active mode (--no-passive option). Well... already not bad, but do you know any hack (I agree on a hack, e.g. source modification) to tell fetch to open a specific port for data?
Another idea is to symlink fetch to any other ftp client that would support this. Do you know any other ftp client that allows enforcing a specific data port?
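On the second idea (a client that pins the data port), here is an added example that is not part of the original post and is not fetch or libfetch code. It subclasses Python's standard `ftplib.FTP` so the active-mode data listener always binds one port; the names `FixedPortFTP`, `fetch_file` and `data_port` are assumptions made for illustration.

```python
import ftplib
import socket


class FixedPortFTP(ftplib.FTP):
    """ftplib.FTP variant whose active-mode data listener always uses one port."""

    def __init__(self, *args, data_port, **kwargs):
        if not 1024 <= data_port <= 65535:
            raise ValueError("data_port must be an unprivileged TCP port")
        self.data_port = data_port   # assumption: the one port opened in ipfw
        self.passiveserver = False   # active mode, like fetch --no-passive
        super().__init__(*args, **kwargs)

    def makeport(self):
        """Listen on the fixed port and announce it with PORT (EPRT for IPv6)."""
        # Bind on the address the control connection uses, so the server
        # connects back to the interface it is already talking to.
        host = self.sock.getsockname()[0]
        # create_server() sets SO_REUSEADDR on POSIX, so a previous data
        # socket in TIME_WAIT does not block the next transfer.
        listener = socket.create_server(
            (host, self.data_port), family=self.af, backlog=1)
        try:
            if self.af == socket.AF_INET:
                self.sendport(host, self.data_port)
            else:
                self.sendeprt(host, self.data_port)
        except Exception:
            listener.close()
            raise
        if isinstance(self.timeout, (int, float)):
            listener.settimeout(self.timeout)
        return listener


def fetch_file(host, remote_path, local_path, data_port):
    """Anonymous download of one file; host and paths come from the caller."""
    with FixedPortFTP(host, data_port=data_port, timeout=30) as ftp:
        ftp.login()
        with open(local_path, "wb") as out:
            ftp.retrbinary("RETR " + remote_path, out.write)
```

With a single fixed port only one data transfer can be in progress at a time, and the ipfw rule needs to admit just inbound TCP from the server's port 20 to that port.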