How to configure firewall to allow FTP connections only from localhost

Refers to: Plesk for Linux

Created: 2016-11-16 13:11:07 UTC

Modified: 2016-12-21 20:08:25 UTC


Question

How can the firewall be configured to allow FTP connections from localhost only?

When the firewall's default Deny policy is enabled and localhost is added as the allowed source, the DNS service can no longer be used:

# dig -x example.com
connection timed out; no servers could be reached

Answer

There are two possibilities to reach the goal:

1. Via Plesk firewall:

Tools & Settings > Firewall > Modify Plesk Firewall Rules

  • Activate the iptables Deny policy: in System policy for incoming traffic, set Deny;

  • Set 127.0.0.1 as the allowed host for FTP connections: in FTP server, select Allow from selected sources, deny from others and specify 127.0.0.1;

  • Activate the DNS service by adding rules that accept incoming traffic with source port 53 (DNS replies):

    # iptables -I INPUT -m tcp -p tcp --sport 53 -j ACCEPT
    # iptables -I INPUT -m udp -p udp --sport 53 -j ACCEPT
  • Click Apply changes.

2. In the server console with iptables:

    # iptables -I INPUT -p tcp --dport ftp ! -s 127.0.0.1/24 -j DROP

This allows FTP connections to be established from localhost only while keeping the default Allow policy, so no additional rules for the DNS service are needed.
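To confirm that either method produced the intended result, the ordered INPUT rule list can be evaluated for port 21. The script below is an added example, not part of the original article or of Plesk; the function name `ftp_verdicts` and the three rule listings are constructed for illustration, and only IPv4 rules naming `--dport 21` directly in the INPUT chain are considered.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and reports the
# verdict for a new TCP connection to port 21 (FTP control) from loopback and
# from any other source. First matching rule wins, as in iptables itself.
# Assumption: only terminal ACCEPT/DROP/REJECT rules naming "--dport 21" are
# evaluated; jumps to user chains, multiport and IPv6 are out of scope.
ftp_verdicts() {
    policy=ACCEPT lo='' other=''
    while read -r line; do
        case "$line" in
            "-P INPUT "*) policy=${line#-P INPUT }; continue ;;
            "-A INPUT "*"-p tcp "*"--dport 21 "*) ;;
            *) continue ;;
        esac
        target=${line##*-j }; target=${target%% *}
        case "$target" in ACCEPT|DROP|REJECT) ;; *) continue ;; esac
        case "$line" in
            *"! -s 127."*) : "${other:=$target}" ;;   # everyone but loopback
            *" -s 127."*)  : "${lo:=$target}" ;;      # loopback only
            *" -s "*)      ;;                         # some other source: skipped
            *) : "${lo:=$target}" "${other:=$target}" ;;   # any source
        esac
    done
    echo "loopback=${lo:-$policy} other=${other:-$policy}"
}

# Constructed listings (not captured from a real server).
# Method 2 on a default-Allow host; iptables stores 127.0.0.1/24 as 127.0.0.0/24.
METHOD2='-P INPUT ACCEPT
-A INPUT ! -s 127.0.0.0/24 -p tcp -m tcp --dport 21 -j DROP'
# A Deny-policy host with FTP allowed from 127.0.0.1 only.
DENY='-P INPUT DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j DROP'
# A host where FTP is still open to everyone.
OPEN='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'

for sample in "$METHOD2" "$DENY" "$OPEN"; do
    printf '%s\n' "$sample" | ftp_verdicts
done
```

On a live server the function would be fed with `iptables -S INPUT | ftp_verdicts`; the expected result for both methods is `loopback=ACCEPT other=DROP`.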
