Hi, What is the best method to restrict access to FTP? I mean that I would like to allow FTP access only to certain IPs, not to the whole world. If that can be done with iptables, then what kind of rule? Where shall I put it? Thanks, Jysse
This should give you the idea:
http://www.computing.net/answers/linux/hostsdeny-and-hostsallow/10586.html
http://www.troutman.org/tech/linux_guides/secure.html
Unfortunately I didn't succeed with this. I don't think that I can use host.deny/host.allow because pure-ftpd is a standalone daemon. Is this correct? Looks like it when I check /etc/default/pure-ftpd-common. Tried to add an iptables rule:
    iptables -A PUB_IN -s ipaddresssource -d ipaddressserver -p tcp --dport 21 -j ACCEPT
This would not let me in with ftp. I think that fail2ban could also be a nice solution. Tested it with ssh. Result was not what I expected. Looking at fail2ban.log I can see that the IP was banned. Despite that, I was able to log in from that same address with an ssh client? Also I did add a jail for pure-ftpd but there was no effect. (/etc/fail2ban/jail.conf) Thanks for your help. jysse
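An added example, not part of the thread and not the posters' own configuration: a small generator for an iptables allowlist on the FTP control port. It assumes the built-in INPUT chain rather than the PUB_IN chain from the post, uses a hypothetical chain name FTP_IN, and covers only port 21; the addresses in the usage comment are constructed documentation addresses.

```shell
#!/bin/sh
# Added example: print iptables commands that limit the FTP control port (21)
# to an allowlist. FTP_IN is a hypothetical chain name; INPUT is assumed to be
# the chain that sees traffic addressed to the server.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_ipv4() {
    addr=${1%/*}
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: ftp_allow_rules SERVER_IP ALLOWED_SOURCE...
# Prints the commands instead of running them so they can be reviewed first.
ftp_allow_rules() {
    [ $# -ge 2 ] || { echo "usage: ftp_allow_rules SERVER SRC..." >&2; return 1; }
    server=$1; shift
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    done
    echo "iptables -N FTP_IN"
    for src in "$@"; do
        echo "iptables -A FTP_IN -s $src -j ACCEPT"
    done
    echo "iptables -A FTP_IN -j DROP"
    # -I INPUT 1 places the jump first. A rule added with -A lands at the end
    # of the chain, after any existing DROP/REJECT rule, and is never reached.
    echo "iptables -I INPUT 1 -d $server -p tcp --dport 21 -j FTP_IN"
}

# Constructed sample call (RFC 5737 documentation addresses):
#   ftp_allow_rules 192.0.2.10 198.51.100.7 203.0.113.0/24
```

The jump into FTP_IN is emitted last, so port 21 is only redirected once the allowlist and the final DROP are already in place. `iptables -L INPUT -n --line-numbers` shows where the rule ended up relative to the existing ones.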