Categories: cPanelFTP issuesHow To

Block FTP access using firewall

Block FTP access using the IPtables(Default system firewall)

1) If you want to completely disable the FTP access on the server then run the command :

root@server[#] iptables -A INPUT -p tcp –dport 21 -j DROP

2) If you want to block FTP access for a Specific IP then run the below command :

root@server[#] iptables -A INPUT -p tcp -s 10.10.10.10 –dport 21 -j DROP

3) If you want to Disable FTP access for Specific Subnet then run the below command :

root@server[#] iptables -I INPUT -p tcp -s 10.10.10.10/24 –dport 21 -j DROP

After adding the adding rules you need to save the rules by running the command :

root@server[#] /etc/init.d/iptables save

Then to apply the above saved rules , restart the IPtables by running the command :

root@server[#] /etc/init.d/iptables restart

Block FTP access using the CSF firewall

1) If you want to completely disable the FTP access on the server then follow the steps :

root@server[#] vi /etc/csf/csf.conf

Search for the lines :
# Allow incoming TCP ports
TCP_IN =
and remove the port 21 from the list
Save and quit .

And then restart the CSF firewall using the below command :

root@server[#] csf -r

2) If you want to block FTP access for a Specific IP then follow the below steps :

root@server[#] vi /etc/csf/csf.deny

and add the line :
tcp:in:d=21:s=10.10.10.10

save and quit

And then restart CSF firewall using the below command :

root@server[#] csf -r

3) If you want to allow FTP access for only one ip on the server and denied for all other ips
follow the steps :

root@server[#] vi /etc/csf/csf.conf

Then search for the line :
# Allow incoming TCP ports
and the remove the ports : 21 and 22

and also search for the line :

# Allow outgoing TCP ports
and remove the ports : 21 and 22

Save and quit

Then open the csf.allow file

root@server[#] vi /etc/csf/csf.allow
and add the entry as :

tcp:in:d=21:s=10.10.10.10

Save and Quit.

And then restart the CSF service

root@server[#] csf -r

Note : Replace the IP 10.10.10.10 with the Actual IP.

Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.
View all posts
Tags: Actual IPblock FTP accesscommandDefault system firewallfirewallipsIPtablesrestart CSF firewallroot serverServersystem
10 years ago
Leave a Comment

Recent Posts

Make in India, Make for the World: How Hostripples Empowers Modi’s Vision

Introduction Prime Minister Narendra Modi’s clarion call — “Make in India, Make for the World” — is not just a…

11 hours ago

AI – Powered Customer Support in Hosting: Chatbots & Virtual Assistants

Customer support has always been the backbone of the web hosting industry. From helping users set up domains to troubleshooting…

2 weeks ago

ChatGPT: Your Ultimate AI Content Generation Tool

Content is the most vital asset for businesses navigating the digital era. But creating high-quality, engaging content consistently can be…

4 weeks ago

Discover Ollama: How It Works, Features & Everything?

Welcome to the exciting world of Ollama, a revolutionary open-source tool that's democratizing access to Large Language Models (LLMs). If…

1 month ago

Connecting to Amazon EC2 via WinSCP (SFTP): A Complete Guide

Managing files on your Amazon EC2 instances can often feel like navigating a complex maze, especially when you prefer a…

2 months ago

Resources