The default firewall on Linux is iptables, which can be used to block FTP access (port 21) on your server. If you use the CSF firewall (which also uses iptables), see Section 2.
Section 1: Iptables
Completely block FTP access on the server:
# iptables -A INPUT -p tcp --dport 21 -j DROP
Block FTP access for a specific IP address, say 11.12.13.14:
# iptables -A INPUT -p tcp -s 11.12.13.14 --dport 21 -j DROP
Block FTP access for a specific subnet:
# iptables -I INPUT -p tcp -s 11.12.13.0/24 --dport 21 -j DROP
The rules must be saved, otherwise they will be lost when the iptables service is restarted.
# service iptables save
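iptables evaluates a chain from top to bottom and the first matching rule wins, so a DROP appended with -A has no effect when an earlier rule already accepts port 21, whereas -I places the rule at the top. The following added example (not part of the original page) checks `iptables -S INPUT` output for that case; the function name and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# ftp_block_status reads `iptables -S INPUT` output on stdin and prints:
#   blocked  - a source-less DROP/REJECT for tcp/21 is the first port-21 verdict
#   shadowed - such a rule exists, but an earlier ACCEPT for tcp/21 wins
#   open     - no source-less DROP/REJECT for tcp/21 exists
# Assumption: only rules naming --dport 21 are considered; rules with -s
# (per-IP or per-subnet) and multiport or port-less rules are ignored.
ftp_block_status() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport != "21" || src != "") next
            # Skip non-terminating targets such as LOG.
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (first == "") first = target   # first terminating rule decides
            if (target != "ACCEPT") has_block = 1
        }
        END {
            if (!has_block)             print "open"
            else if (first != "ACCEPT") print "blocked"
            else                        print "shadowed"
        }
    '
}

# Constructed sample: an older ACCEPT rule, then the DROP appended with -A.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j DROP'

# Constructed sample: the same DROP inserted at the top with -I.
SAMPLE_INSERTED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'

printf '%s\n' "$SAMPLE_APPENDED" | ftp_block_status
printf '%s\n' "$SAMPLE_INSERTED" | ftp_block_status
```

On a live server, run it as root with `iptables -S INPUT | ftp_block_status` after adding the rule and before saving.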
Section 2: CSF
To completely block FTP access, edit the csf.conf file and remove port 21 from the TCP_IN list:
# pico /etc/csf/csf.conf
To block FTP access for a specific IP address, edit the csf.deny file:
# pico /etc/csf/csf.deny
and add the following line:
tcp:in:d=21:s=11.12.13.14
Save the file and don’t forget to restart the firewall.