PF Rules for Passive FTP Connection

When you secure an FTP server with a firewall, you need to be concerned about the FTP mode. There are 2 FTP modes, passive and active FTP. I tried configuring PF rules for FTP passive mode with a simple rule like this (PF blocks by default):

pass in on $ext_if proto tcp to port 21

When servicing a passive FTP connection, the FTP server uses high random ports for transferring data, so you must pass all of those ports. The PF rules will look like this:

pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port > 49151

Done 🙂
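To check that the data ports a server announces in passive mode actually fall inside the range opened by the `port > 49151` rule, here is an added example (not part of the original post) that parses 227 (PASV) and 229 (EPSV) replies and tests each port against that range. The function names and the sample replies are constructed for illustration.

```python
import re

# Range opened by "pass in on $ext_if proto tcp to port > 49151".
PF_MIN_PORT, PF_MAX_PORT = 49152, 65535

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
_EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def passive_port(reply):
    """Return the data port announced in a 227 (PASV) or 229 (EPSV) reply."""
    line = reply.strip()
    m = _PASV_RE.match(line)
    if m:
        fields = [int(x) for x in m.group(1).split(",")]
        if any(f > 255 for f in fields):
            raise ValueError("field out of range in PASV reply: %r" % line)
        # RFC 959: h1,h2,h3,h4,p1,p2 -> port = p1 * 256 + p2
        return fields[4] * 256 + fields[5]
    m = _EPSV_RE.match(line)
    if m:
        port = int(m.group(1))
        if not 0 < port <= 65535:
            raise ValueError("port out of range in EPSV reply: %r" % line)
        return port
    raise ValueError("not a passive-mode reply: %r" % line)


def allowed_by_pf(port, low=PF_MIN_PORT, high=PF_MAX_PORT):
    """True if the port is covered by the high-port pass rule."""
    return low <= port <= high


def audit(replies):
    """Return (port, allowed) per reply so blocked data ports stand out."""
    return [(p, allowed_by_pf(p)) for p in map(passive_port, replies)]


# Constructed sample replies; 192.0.2.10 is a documentation address.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 195*256 + 80
    "227 Entering Passive Mode (192,0,2,10,117,48)",   # 117*256 + 48
    "229 Entering Extended Passive Mode (|||61234|)",
]

if __name__ == "__main__":
    for reply, (port, ok) in zip(SAMPLE_REPLIES, audit(SAMPLE_REPLIES)):
        print("%-50s port %5d  %s" % (reply, port, "pass" if ok else "BLOCKED"))
```

A reply reported as BLOCKED means the FTP daemon's passive port range and the PF rule disagree, and data transfers to that port will hang under the default-block policy.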

 
