The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, and More!

FireWall-1 FAQ: FTP and Newlines

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


Some FTP implementations send a PORT command in one packet and the newline character in another. By default, VPN-1/FireWall-1 assumes the PORT command and the newline will appear in the same packet. To enable checking for this, edit $FWDIR/lib/base.def on the management console as follows and reinstall the security policy.

1) (Previous versions of the base.def file indicated that this step was necessary) Comment out the first #define FTPPORT statement, i.e. change

    #define FTPPORT(match)   (call KFUNC_FTPPORT <0x1|(match)>)

to

    // #define FTPPORT(match)   (call KFUNC_FTPPORT <0x1|(match)>)

2) Uncomment the second #define FTPPORT statement, i.e., change

    // Use this if you do not want the FW-1 module to insist on a
    // newline at the end of the PORT command:
    // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

to

    // Use this if you do not want the FW-1 module to insist on a
    // newline at the end of the PORT command:
    #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

Some other sites do not send out a proper newline at all. To resolve this, comment out the following line in $FWDIR/lib/base.def on the management console (i.e., add // at the beginning of the line) and reinstall the policy.

    #define FTP_ENFORCE_NL

C-List #Cybersecurity Celebrity, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.