How to Block FTP Access/Port Using iptables or CSF

The default firewall on Linux is iptables, which can be used to block FTP access/port on your server. If you have the CSF firewall (which also uses iptables), see Section 2.

Section 1: iptables

Completely block FTP access on the server:

# iptables -A INPUT -p tcp --dport 21 -j DROP

Block FTP access for a specific IP address, say 11.12.13.14:

# iptables -A INPUT -p tcp -s 11.12.13.14 --dport 21 -j DROP

Block FTP access for a specific subnet:

# iptables -I INPUT -p tcp -s 11.12.13.0/24 --dport 21 -j DROP

The rules need to be saved, otherwise they will be lost when the iptables service is restarted.

# service iptables save
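
iptables walks a chain from top to bottom and stops at the first rule that matches, so a DROP added with -A (appended to the end) never fires if an earlier rule already accepts port 21, while -I inserts the rule at the top. The script below is an added example, not part of the original post: it reads `iptables -S INPUT` output and reports which rule decides a new connection to port 21 from a given source; the function name ftp_verdict and both sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: which INPUT rule decides a new TCP connection to port 21?
# stdin: `iptables -S INPUT` output; $1: source IPv4 address.
# Assumption: only rules matching on -s, -p and --dport are evaluated;
# rules that use any other match (state, interface, ...) are skipped.
ftp_verdict() {
    awk -v src="$1" '
    function ip2n(ip,   o) {
        split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4]
    }
    function in_net(ip, cidr,   p, size) {
        split(cidr, p, "/"); size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        n++; s = proto = dport = target = ""; skip = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") s = $(++i)
            else if ($i == "-p") proto = $(++i)
            else if ($i == "-m" && $(i+1) == "tcp") i++
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j") target = $(++i)
            else skip = 1
        }
        if (skip || (proto != "" && proto != "tcp")) next
        if (dport != "" && dport != "21") next
        if (s != "" && !in_net(src, s)) next
        if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
        print target " (rule " n ": " $0 ")"; found = 1; exit
    }
    END { if (!found) { if (policy == "") policy = "ACCEPT"; print policy " (chain policy)" } }
    '
}

# Constructed rule sets. APPENDED: the per-IP DROP was added with -A after
# an existing ACCEPT for port 21. INSERTED: the DROP was put first with -I.
APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 11.12.13.14/32 -p tcp -m tcp --dport 21 -j DROP'
INSERTED='-P INPUT ACCEPT
-A INPUT -s 11.12.13.0/24 -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'

printf '%s\n' "$APPENDED" | ftp_verdict 11.12.13.14   # ACCEPT: DROP is shadowed
printf '%s\n' "$INSERTED" | ftp_verdict 11.12.13.99   # DROP: rule 1 matches
```

On a live server, pipe the real rule set in instead of the samples, for example `iptables -S INPUT | ftp_verdict 11.12.13.14`.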

Section 2: CSF

To completely block FTP access, edit the csf.conf file and remove port 21 from the TCP_IN list:

# pico /etc/csf/csf.conf

To block FTP access for a specific IP address, edit the csf.deny file:

# pico /etc/csf/csf.deny

and add the following line:

tcp:in:d=21:s=11.12.13.14

Save the file and don’t forget to restart the firewall.

This entry was posted on Sunday, August 1st, 2010 and is filed under Linux Administration.