HP-UX IPFilter Version A.03.05.14 Administrator's Guide

HP-UX IPFilter and FTP
Running an FTP Client
Chapter 7
Passive FTP
To let an FTP client open a passive FTP session, configure IPFilter to
allow both the control and data connections out.
Use the following ruleset for client-side, passive FTP:
pass out quick proto tcp from <client-ip> port > 1023 to any port = 21 flags S keep state
pass out quick proto tcp from <client-ip> port > 1023 to any port > 1023 flags S keep state
block in from any to any
block out from any to any
TIP For stronger security, configure IPFilter to allow only active FTP
connections from FTP servers.
FTP Server                             Direction of            FTP Client
                                       Connection Initiated
port 21 (control port)                 <----------------       any port 1024 or higher
any port 1024 or higher (data port)    <----------------       any port 1024 or higher
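The following added example (not from the HP guide and not IPFilter code) is a simplified Python model of how the client-side passive FTP ruleset above treats a few constructed TCP packets. It assumes only the rule syntax shown on this page; the addresses, ports, and the names decide and audit are made up for illustration.

```python
import re

# Ruleset from the page; 192.0.2.10 is a constructed stand-in for <client-ip>.
RULES = """\
pass out quick proto tcp from 192.0.2.10 port > 1023 to any port = 21 flags S keep state
pass out quick proto tcp from 192.0.2.10 port > 1023 to any port > 1023 flags S keep state
block in from any to any
block out from any to any"""
RULE_RE = re.compile(
    r"(?P<action>pass|block) (?P<dir>in|out)(?P<quick> quick)?(?: proto tcp)?"
    r" from (?P<src>\S+)(?: port (?P<sop>[=>]) (?P<sport>\d+))?"
    r" to (?P<dst>\S+)(?: port (?P<dop>[=>]) (?P<dport>\d+))?"
    r"(?P<syn> flags S)?(?P<state> keep state)?$")

def port_ok(op, want, got):
    return op is None or (got == int(want) if op == "=" else got > int(want))

def matches(r, direction, src, sport, dst, dport, flags):
    return (r["dir"] == direction and r["src"] in ("any", src) and r["dst"] in ("any", dst)
            and port_ok(r["sop"], r["sport"], sport) and port_ok(r["dop"], r["dport"], dport)
            and (not r["syn"] or flags == "S"))   # "flags S": only SYN set

def decide(rules, state, direction, src, sport, dst, dport, flags="S"):
    """Verdict for one TCP packet: state table first, then the rules."""
    if (src, sport, dst, dport) in state:
        return "pass"                  # packet belongs to a kept-state connection
    hit = None
    for r in rules:
        if matches(r, direction, src, sport, dst, dport, flags):
            hit = r                    # last match wins ...
            if r["quick"]:
                break                  # ... unless the rule says quick
    if hit and hit["action"] == "pass" and hit["state"]:
        state.update({(src, sport, dst, dport), (dst, dport, src, sport)})
    return hit["action"] if hit else "pass"  # model assumption: default is pass

def audit(c="192.0.2.10", s="198.51.100.5"):     # constructed client and server
    rules, state = [RULE_RE.match(l).groupdict() for l in RULES.splitlines()], set()
    return {
        "control SYN": decide(rules, state, "out", c, 40000, s, 21),
        "control SYN-ACK": decide(rules, state, "in", s, 21, c, 40000, "SA"),
        "passive data SYN": decide(rules, state, "out", c, 40001, s, 50000),
        "active data SYN from server": decide(rules, state, "in", s, 20, c, 40002),
        "outbound SYN to port 80": decide(rules, state, "out", c, 40003, s, 80),
        "non-FTP SYN to 203.0.113.9:8080": decide(rules, state, "out", c, 40004, "203.0.113.9", 8080),
    }

if __name__ == "__main__":
    print(*audit().items(), sep="\n")
```

The last entry passes because the second rule matches any outbound connection from a client port above 1023 to a port above 1023, whether or not it is an FTP data connection.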