We installed the latest CSF on a few of our VPS and its been killing pure-ftpd lately. Whenever the firewal is turned on, ftp users are getting timeout errors or unable to list dfirectory. We are using the latest cPanel STABLE on CentOS 4 and the following IP tables modules are installed: ip_tables ipt_state ipt_multiport iptable_filter ipt_limit ipt_LOG ipt_REJECT ipt_conntrack ip_conntrack ip_conntrack_ftp iptable_mangle Even the following are set for pure-ftp and csf: # configure the FTP daemon to use that same hole. For example, with pure-ftpd # you could add the port range 30000:35000 to TCP_IN and add the following line # to /etc/pure-ftpd.conf (without the leading #): # PassivePortRange 30000 35000 # Then restart pure-ftpd and csf and passive FTP should then work MONOLITHIC_KERNEL = "1" Turn off CSF and things back to normal. Advise, please?