IndianWebPortal.com

Something Different In Linux

Home » cpanel » block ftp access using firewall

block ftp access using firewall

Posted by Rishikesh Vispute Categories: cpanel, ftp issues, How to

Block FTP access using the IPtables(Default system firewall)

1) If you want to completely disable the FTP access on the server then run the command :

root@server[#] iptables -A INPUT -p tcp –dport 21 -j DROP

2) If you want to block FTP access for a Specific IP then run the below command :

root@server[#] iptables -A INPUT -p tcp -s 10.10.10.10 –dport 21 -j DROP

3) If you want to Disable FTP access for Specific Subnet then run the below command :

root@server[#] iptables -I INPUT -p tcp -s 10.10.10.10/24 –dport 21 -j DROP

After adding the adding rules you need to save the rules by running the command :

root@server[#] /etc/init.d/iptables save

Then to apply the above saved rules , restart the IPtables by running the command :

root@server[#] /etc/init.d/iptables restart

Block FTP access using the CSF firewall

1) If you want to completely disable the FTP access on the server then follow the steps :

root@server[#] vi /etc/csf/csf.conf

Search for the lines :
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit .

And then restart the CSF firewall using the below command :

root@server[#] csf -r

2) If you want to block FTP access for a Specific IP then follow the below steps :

root@server[#] vi /etc/csf/csf.deny

and add the line :
tcp:in:d=21:s=10.10.10.10

save and quit

And then restart CSF firewall using the below command :

root@server[#] csf -r

3) If you want to allow FTP access for only one ip on the server and denied for all other ips
follow the steps :

root@server[#] vi /etc/csf/csf.conf

Then search for the line :
# Allow incoming TCP ports
and the remove the ports : 21 and 22

and also search for the line :

# Allow outgoing TCP ports
and remove the ports : 21 and 22

Save and quit

Then open the csf.allow file

root@server[#] vi /etc/csf/csf.allow
and add the entry as :

tcp:in:d=21:s=10.10.10.10

Save and Quit.

And then restart the CSF service

root@server[#] csf -r

Note : Replace the IP 10.10.10.10 with the Actual IP.


Popular Posts

remove index.php fro

How to remove index.php from url in magento Ans : If you ...

PHP-Java bridge on p

  What is php-java bridge? The php-java bridge is the php ...

Set expiration for y

If you want to set the expiration to your site ...

Warning: Parameter 1

Error: Warning: Parameter 1 to modMainMenuHelper::buildXML() expected to be a ...

domain pointing to e

If you domain uses external MX record and it is ...