Hi,

What is the best method to restrict access to ftp ? I mean that I would like to allow ftp access only to certain ip's not for the whole world.
If that can be done with iptables, then what kind of a rule ? Where shall I put it ?

Thank,

Jysse

This should give you the idea:
http://www.computing.net/answers/linux/hostsdeny-and-hostsallow/10586.html
http://www.troutman.org/tech/linux_guides/secure.html

Unfortunately I did'nt succeed with this. I don't that think that I can use host.deny/host.allow because pure-ftpd is a stanalone daemon. Is this correct ?
Looks like it when I check /etc/default/pure-ftpd-common.

Tried to add an iptables rule:
iptables -A PUB_IN -s ipaddresssource -d ipaddressserver -p tcp --dport 21 -j ACCEPT
This would not let me in with ftp.

I think that fail2ban could also be a nice solution. Tested it with ssh. Result was not what I expected. Looking at fail2ban.log I can see that ip was banned. Despite that I was able to log in from that same address with ssh client ?
Also I did add a jail for pure-ftpd but there was no affect. (/etc/fail2ban/jail.conf)

Thanks for your help.

jysse