Configure Firewalls to Protect the FTP Server
An XCCDF Rule
Description
By default, firewalld blocks access to the ports used by the web server. To configure firewalld to allow ftp access, run the following command(s):
firewall-cmd --permanent --add-service=ftp
Then run the following command to load the newly created rule(s):
firewall-cmd --reload
Rationale
These settings configure the firewall to allow connections to an FTP server.
The first line allows initial connections to the FTP server port.
FTP is an older protocol which is not very compatible with firewalls. During the initial FTP dialogue, the client and server negotiate an arbitrary port to be used for data transfer. The ip_conntrack_ftp module is used by iptables to listen to that dialogue and allow connections to the data ports which FTP negotiates. This allows an FTP server to operate on a system which is running a firewall.
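The negotiation described above can be followed in a short added example (not part of the rule and not the kernel module's code): it reads a control-channel dialogue and derives the data endpoints that a connection-tracking helper would have to allow. The sample dialogue and all names are constructed for illustration, and the example goes slightly beyond the text by also handling the EPSV reply from RFC 2428.

```python
import re

# Constructed control-channel lines (port 21); addresses come from the
# RFC 5737 documentation ranges, not from any real capture.
SAMPLE_DIALOGUE = [
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PORT 192,0,2,10,195,80"),            # active mode
    ("server", "200 PORT command successful."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,5,78,52)."),
    ("client", "EPSV"),
    ("server", "229 Entering Extended Passive Mode (|||50211|)"),
    ("client", "PORT 192,0,2,10,1,999"),             # malformed octet
]

_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT = re.compile(r"^PORT " + _SIX + r"\s*$", re.I)
_PASV = re.compile(r"^227 .*\(" + _SIX + r"\)")
_EPSV = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")

def _from_six(groups):
    """h1,h2,h3,h4,p1,p2 -> (ip, port); port = p1 * 256 + p2 (RFC 959)."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_connections(dialogue):
    """Return (mode, ip, port) for each data endpoint negotiated in the dialogue."""
    found = []
    for sender, line in dialogue:
        if sender == "client" and (m := _PORT.match(line)):
            mode, endpoint = "active", _from_six(m.groups())
        elif sender == "server" and (m := _PASV.match(line)):
            mode, endpoint = "passive", _from_six(m.groups())
        elif sender == "server" and (m := _EPSV.match(line)):
            port = int(m.group(1))   # EPSV carries no address: same host as control channel
            mode, endpoint = "passive", (None, port) if 0 < port < 65536 else None
        else:
            continue
        if endpoint:                 # malformed announcements are ignored
            found.append((mode, *endpoint))
    return found

if __name__ == "__main__":
    for mode, ip, port in expected_data_connections(SAMPLE_DIALOGUE):
        print(f"{mode:8} {ip or '(control-channel peer)'}:{port}")
```

Because the data port only appears inside the dialogue, a static rule for port 21 alone cannot cover it; the firewall has to read these lines to know which connection to expect.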
- ID: xccdf_org.ssgproject.content_rule_ftp_configure_firewall
- Severity: Unknown
- Updated