How to restrict FTP access to particular IP?

hustla66

Registered
Mar 4, 2013
3
0
1
cPanel Access Level
Root Administrator
Hello,

I am administering a server running WHM/cPanel at root level. I would like to know how to properly restrict FTP access to a limited number of IPs and deny all others. I have restricted the WHM, SSH and CP areas with Host Access Control, but this will not work for properly restricting FTP.

I believe this is done through SSH and iptables rules. Please give me examples and solutions for this!

Your help is much appreciated!
 

hustla66

I am familiar with its interface and have used it a couple of times to whitelist some IPs through the firewall. I have also reviewed the iptables rules through the interface there, but I don't know how to restrict particular IPs for the FTP port. Thanks
 

anton_latvia

Well-Known Member
PartnerNOC
May 11, 2004
432
47
178
Latvia
cPanel Access Level
Root Administrator
If you only want to allow several IPs to FTP, remove ports 20 and 21 from allowed incoming port list in CSF and then add those happy-IPs to the whitelisted list.
 

hustla66

> If you only want to allow several IPs to FTP, remove ports 20 and 21 from allowed incoming port list in CSF and then add those happy-IPs to the whitelisted list.

Could you please instruct step by step? Where and how to remove these ports? Then whitelisting IPs is through the Quick-Allow feature?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,834
422
438
Finland
cPanel Access Level
Root Administrator
> Could you please instruct step by step? Where and how to remove these ports? Then whitelisting IPs is through the Quick-Allow feature?

You remove ports in WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Configuration-> TCP_IN
Remove ports 20 & 21 from the list, scroll down, click "Change" and then "Restart csf+lfd".

You allow specific IPs to use FTP like this:
WHM-> Plugins-> ConfigServer Security & Firewall-> Firewall Allow IPs:
You add lines like this:
tcp|in|d=20_21|s=IP_ADDRESS_HERE

That allows connections from that IP to ports 20 & 21.

Then click "Change" and "Restart csf+lfd".
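
An added example, not part of the thread: a shell audit that checks the result of the steps above, namely that TCP_IN no longer covers ports 20/21 (including via a `lo:hi` range) and that the FTP sources in the allow list are exactly the ones you expect. It assumes the two WHM pages edit CSF's `csf.conf` and `csf.allow` files (on a standard install, `/etc/csf/csf.conf` and `/etc/csf/csf.allow`); the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Audit of the setup described in the thread: ports 20/21 removed from TCP_IN,
# FTP opened per source IP in csf.allow. Usage: audit_ftp_restriction CONF ALLOW IP...

# Print each TCP_IN entry (single port or lo:hi range) that still covers port 20 or 21.
ftp_ports_in_tcp_in() {
  sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    tail -n 1 | tr ',' '\n' | tr -d ' \t' |
    awk -F: '/^[0-9]+(:[0-9]+)?$/ { lo = $1 + 0; hi = (NF > 1 ? $2 : $1) + 0
                                     if (lo <= 21 && hi >= 20) print }'
}

# Print every source csf.allow admits to FTP: the thread's d=20_21 rules plus plain
# whole-host entries, which CSF allows on all ports.
ftp_allowed_sources() {
  sed 's/#.*//' "$1" | awk '
    /^[ \t]*tcp\|in\|d=20_21\|s=/ { sub(/^.*\|s=/, ""); print $1; next }
    NF && !/\|/ && $1 != "Include" { print $1 }' | sort -u
}

# Return 0 only if TCP_IN no longer opens FTP and the allowed sources match the expected list.
audit_ftp_restriction() {
  conf="$1"; allow="$2"; shift 2; rc=0
  open=$(ftp_ports_in_tcp_in "$conf" | tr '\n' ' ')
  if [ -n "$open" ]; then
    echo "FAIL: TCP_IN still opens FTP to every address via: $open"; rc=1
  fi
  expected=$(printf '%s\n' "$@" | sort -u)
  actual=$(ftp_allowed_sources "$allow")
  if [ "$expected" != "$actual" ]; then
    echo "FAIL: FTP sources in csf.allow differ from the expected list"
    echo "  expected: $(echo $expected)"; echo "  found:    $(echo $actual)"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: FTP is reachable only from: $(echo $actual)"
  return "$rc"
}

# Constructed sample files (documentation-range addresses), so the audit runs offline.
demo=$(mktemp -d)
printf 'TCP_IN = "20,21,22,25,53,80,443,30000:35000"\n' > "$demo/before.conf"
printf 'TCP_IN = "22,25,53,80,443,30000:35000"\n' > "$demo/after.conf"
printf '%s\n' '203.0.113.7 # office' 'tcp|in|d=20_21|s=198.51.100.10' \
  'tcp|in|d=20_21|s=198.51.100.22 # backup host' > "$demo/csf.allow"
audit_ftp_restriction "$demo/before.conf" "$demo/csf.allow" 198.51.100.10 198.51.100.22 203.0.113.7 || true
audit_ftp_restriction "$demo/after.conf" "$demo/csf.allow" 198.51.100.10 198.51.100.22 203.0.113.7 || true
```

On a live server, call `audit_ftp_restriction /etc/csf/csf.conf /etc/csf/csf.allow` followed by the addresses that should have FTP access, after clicking "Restart csf+lfd".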