IPTables rules for FTP server

To open access to the FTP server in IPTables, you need to add rules:

sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1024:1030 -j ACCEPT

To only allow access to a particular network, for example 192.168.1.0/24:

sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1024:1030 -j ACCEPT

To remove a rule, we’ll specify the same command, replacing -A with -D, for example:

sudo iptables -D INPUT -p tcp --dport 21 -j ACCEPT
sudo iptables -D OUTPUT -p tcp --sport 20 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 1024:1030 -j ACCEPT

To view the list of rules, use the command:

sudo iptables -nvL

1024-1030 – example ports for passive mode are specified in the FTP server configuration, for example for ProFTPd are specified in the /etc/proftpd/proftpd.conf file as follows:

PassivePorts 1024 1030

See also my articles:
Configuring IPTables
Active and passive FTP mode
Installing and Configuring Pure-FTPd in Ubuntu
Installing and Configuring ProFTPd in Ubuntu

Leave a comment

Leave a Reply