HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

Passive FTP

FTP client                 Direction of connection initiated    FTP server
any port 1024 or higher    <----------------                    port 21 (control port)
any port 1024 or higher    <----------------                    any port 1024 or higher (data port)

To let an FTP client open a passive FTP session, configure IPFilter to allow both the control and data connections out.

Use the following ruleset for client-side, passive FTP:

    pass out quick proto tcp from client_ip port > 1023 to any port = 21 flags S keep state
    pass out quick proto tcp from client_ip port > 1023 to any port > 1023 flags S keep state
    block in from any to any
    block out from any to any

TIP: For stronger security, configure IPFilter to allow only active FTP connections from FTP servers.
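
Added example (not from the HP guide): a simplified Python model of the client-side ruleset above, run over constructed packets, showing which connections the ruleset passes and which fall through to the block rules. The addresses, ports and the 4-tuple state table are assumptions; real IPFilter state tracking also checks TCP sequence numbers and timeouts.

```python
# Added example: simplified model of the ruleset above, not IPFilter itself.
CLIENT = "192.0.2.10"    # constructed stand-in for client_ip
SERVER = "198.51.100.5"  # constructed FTP server address
OTHER = "203.0.113.7"    # constructed non-FTP host

def make_filter(client_ip):
    states = set()  # connections recorded by "keep state"

    def check(direction, src, sport, dst, dport, flags):
        """Return 'pass' or 'block' for one TCP packet."""
        # Key every connection as (client side, server side) so that replies
        # coming back in match the entry created by the outbound SYN.
        conn = (src, sport, dst, dport) if direction == "out" else (dst, dport, src, sport)
        if conn in states:  # the state table is consulted before the rules
            return "pass"
        # Rules 1-2: pass out quick ... port > 1023 to any port = 21 / > 1023,
        # flags S (a bare SYN only), keep state.
        if (direction == "out" and src == client_ip and sport > 1023
                and flags == "S" and (dport == 21 or dport > 1023)):
            states.add(conn)
            return "pass"
        return "block"  # rules 3-4: block in / block out from any to any

    return check

def run_session():
    check = make_filter(CLIENT)
    packets = [  # constructed packets: (label, dir, src, sport, dst, dport, flags)
        ("control SYN", "out", CLIENT, 40000, SERVER, 21, "S"),
        ("control SYN-ACK", "in", SERVER, 21, CLIENT, 40000, "SA"),
        ("passive data SYN", "out", CLIENT, 40001, SERVER, 50000, "S"),
        ("passive data SYN-ACK", "in", SERVER, 50000, CLIENT, 40001, "SA"),
        ("active-mode data SYN from server", "in", SERVER, 20, CLIENT, 40002, "S"),
        ("stray ACK, no state", "out", CLIENT, 40003, SERVER, 50001, "A"),
        ("HTTP SYN", "out", CLIENT, 40004, OTHER, 80, "S"),
        ("non-FTP SYN to high port", "out", CLIENT, 40005, OTHER, 8080, "S"),
    ]
    return {label: check(*pkt) for label, *pkt in packets}

if __name__ == "__main__":
    for label, verdict in run_session().items():
        print(f"{verdict:5}  {label}")
```

The last packet passes because the second rule matches any outbound SYN to a port above 1023, not only FTP data connections, which is the exposure the TIP addresses.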