PF Rules for Passive FTP Connection

When securing an FTP server with a firewall, you need to be concerned about the FTP mode. There are two FTP modes, passive and active. I tried configuring PF rules for passive FTP mode with a simple rule like this (default block on PF):

pass in on $ext_if proto tcp to port 21

When servicing a passive FTP connection, the FTP server uses random high ports for transferring data, so you must pass all of those ports. The PF rules will look like this:

pass in on $ext_if proto tcp to port 21
pass in on $ext_if proto tcp to port > 49151

Done 🙂
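
The second rule above opens every TCP port above 49151 on every address reachable through $ext_if, not only on the FTP server. A narrower variant, added here as an example and not part of the original post: it assumes the FTP daemon is configured with a fixed passive port range, and the interface name, server address and range below are constructed values.

```conf
# Added example pf.conf fragment (not from the original post).
# Assumed values: em0, 192.0.2.10 (documentation address) and the
# passive range 49152:49251 are placeholders to adapt.

ext_if     = "em0"            # external interface
ftp_server = "192.0.2.10"     # address the FTP daemon listens on
pasv_ports = "49152:49251"    # must equal the passive range set in the FTP daemon

# Default block, as in the post
block in all

# FTP control channel, only towards the FTP server
pass in on $ext_if inet proto tcp to $ftp_server port 21 flags S/SA keep state

# Broad form from the post, kept for comparison:
#   pass in on $ext_if proto tcp to port > 49151
# It matches any destination address and all ports 49152-65535.

# Narrow form: passive data connections only to the FTP server and only
# on the ports the daemon actually hands out in its PASV replies
pass in on $ext_if inet proto tcp to $ftp_server port $pasv_ports flags S/SA keep state
```

If the range in $pasv_ports and the range configured in the FTP daemon differ, data connections to ports outside the rule fall through to the default block and transfers hang after login.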