1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Lakewood, WA

    iptables question

    I'm fairly new to knowledgeable editing of iptables...

    I'd like to allow SFTP while blocking FTP.

    I'm aware that FTP uses two ports, but that one of those ports is also required for SFTP.

    Yes, I can probably hack something out, but I'd prefer some expert input...

    Can someone help me out by pointing me in the right direction?
  2. #2
  3. Headless Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Washington, USA
    If you want SFTP and not FTP then make sure your FTP server software supports SFTP and does not support FTP. It's that simple.

    So it's not really an iptables thing. Yeah, you could use a firewall to manage which ports are accessible, but if there is no service waiting on the FTP port then nothing can connect there anyways.
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    The default port of SFTP is 22 and it's over FTP SSH, you don't need an FTP server to be running nor port 21. Only port 22.

    If you are referring to FTPS that's another thing.

    Based on what you posted though, SFTP and FTP are not related, nor do they share the same ports, so you should have no problem disabling port 21.

    Comments on this post

    • kicken agrees
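
The two checks the replies above describe, as an added example that is not part of the original thread: confirm what is actually listening on tcp/21 and tcp/22, then print (not apply) iptables rules that accept SFTP on 22 and reject FTP on 21. The function names and the `ss` sample are constructed for illustration; SSH is assumed to be on its default port 22.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed.

# listening_on PORT: reads `ss -H -tln` style text on stdin and succeeds if a
# TCP listener is bound to PORT. Field 4 is Local Address:Port, e.g.
# 0.0.0.0:22, [::]:22 or *:21, so the port is the last ':'-separated piece.
listening_on() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit !found }'
}

# report TEXT: summarise FTP (21) and SSH/SFTP (22) listeners found in TEXT.
report() {
    for port in 21 22; do
        if printf '%s\n' "$1" | listening_on "$port"; then
            echo "tcp/$port: listener present"
        else
            echo "tcp/$port: no listener"
        fi
    done
}

# sftp_only_rules: print iptables commands that keep established traffic,
# accept new SSH/SFTP connections on tcp/22 and reject the FTP control port.
# They are appended with -A, so any earlier ACCEPT rule in INPUT still wins;
# review the existing chain (iptables -S INPUT) before applying them as root.
sftp_only_rules() {
    cat <<'EOF'
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j REJECT --reject-with tcp-reset
EOF
}

# Constructed sample of `ss -H -tln` output: sshd on 22, an FTP daemon on 21.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 32 *:21 *:*'

report "$SAMPLE_SS"
sftp_only_rules
```

On a live host, pass `"$(ss -H -tln)"` to `report` in place of the sample; if tcp/21 shows a listener, stopping that FTP service removes the exposure regardless of the firewall.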
