I am trying to restrict the FTP access to specific IP only. To achieve the same I have tried the hosts.allow and hosts.deny, but am not able to make it work. I have seen a Post by Till where you mentioned https://git.ispconfig.org/ispconfig/ispconfig3/issues/1015 As far as I know, pure-ftpd obeys the hosts.deny and hosts.allow files. So you can restrict access based on IP addresses to pure-ftpd in these files. The syntax I have tried to use in the files is like this: hosts.deny Code: pure-ftpd : ALL : deny ftp : ALL : deny pure-ftp : ALL : deny ftpd : ALL : deny hosts.alllow Code: pure-ftpd : localhost : allow pure-ftpd : 192.168.0. : allow all : my ip : allow what I am missing here.
Hi Taleman - I am using ubuntu 16.04. for sshd it is working fine. but for ftp, I couldn't find the resolution. When I run the command service --status-all I get the ftp service as pure-ftpd-mysql. when running pure-ftpd-mysql-status I get like below: Code: Oct 13 19:11:05 server2 pure-ftpd[30404]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher Oct 13 19:11:47 server2 pure-ftpd[30432]: (?@my ip) [INFO] New connection from 106.222.68.57 Oct 13 19:11:49 server2 pure-ftpd[30432]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher Oct 13 19:11:50 server2 pure-ftpd[30432]: (?@my ip) [INFO] mywebm1 is now logged in Oct 13 19:11:54 server2 pure-ftpd[30432]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher Oct 13 19:15:06 server2 pure-ftpd[31980]: (?@::1) [INFO] New connection from ::1 Oct 13 19:17:13 server2 pure-ftpd[32054]: (?@my ip) [INFO] New connection from 157.41.218.31 Oct 13 19:17:14 server2 pure-ftpd[32054]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher Oct 13 19:17:15 server2 pure-ftpd[32054]: (?@my ip) [INFO] mywebm1 is now logged in Oct 13 19:17:20 server2 pure-ftpd[32054]: (?@my ip) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-GCM-SHA384, 256 secret bits cipher It also lists new connection from ::1, is that fine? I have modified the hosts.allow and tried to replace pure-ftpd wiht pure-ftpd-mysql, but no success. also if add ALL:ALL in hosts.deny it works, means I am not able to connect. what this means is that I am definitely missing in naming the ftp service correctly.