How to configure firewall to allow FTP connection from localhost only?
If the Deny default policy is enabled and localhost is added as the allowed source, it is not possible to use the DNS service:
# dig -x example.com
connection timed out; no servers could be reached
There are two possibilities to reach the goal:
1. Via Plesk firewall:
- Go to Tools & Settings > Firewall > Modify Plesk Firewall Rules.
- In System policy for incoming traffic, set Allow from selected sources, deny from others and point 127.0.0.1 as allowed host for FTP connection.
- Activate the DNS service by adding rules that accept incoming traffic sent from source port 53:
# iptables -I INPUT -m tcp -p tcp --sport 53 -j ACCEPT
# iptables -I INPUT -m udp -p udp --sport 53 -j ACCEPT
- Click Apply changes.
2. In the server console with:
# iptables -I INPUT -p tcp --dport ftp ! -s 127.0.0.1/24 -j DROP
This allows FTP connections from localhost only while staying on the Allow default policy, so no rules need to be added for the DNS service.
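
Added example (not part of the original article and not Plesk's own code): a small first-match model of the INPUT chain that evaluates what each rule set on this page admits. The `--sport 53` rules match on source port alone, so they are not limited to DNS replies. The `STATEFUL` variant is an assumption that uses the standard `conntrack` match instead, and all rule sets and addresses are constructed.

```python
import ipaddress

# Constructed rule sets in `iptables -S INPUT` form (not captured from a server).
PAGE_DENY = """-P INPUT DROP
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 21 -j ACCEPT"""
# Assumption, not from the page: replies are accepted by connection state.
STATEFUL = """-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 21 -j ACCEPT"""
PAGE_ALLOW = """-P INPUT ACCEPT
-A INPUT ! -s 127.0.0.0/24 -p tcp -m tcp --dport 21 -j DROP"""

TESTS = {  # option -> predicate(rule value, packet)
    "-s": lambda v, p: ipaddress.ip_address(p["src"]) in ipaddress.ip_network(v, strict=False),
    "-p": lambda v, p: p["proto"] == v,
    "--sport": lambda v, p: p["sport"] == int(v),
    "--dport": lambda v, p: p["dport"] == int(v),
    "--ctstate": lambda v, p: p["state"] in v.split(","),
}

def parse(text):
    """Return (default policy, [(conditions, target)]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            conds, target, i = [], None, 2
            while i < len(tok):
                neg = tok[i] == "!"          # "!" negates the option that follows
                i += int(neg)
                opt, val = tok[i], tok[i + 1]
                if opt == "-j":
                    target = val
                elif opt != "-m":            # "-m <module>" only names a match module
                    conds.append((opt, val, neg))
                i += 2
            rules.append((conds, target))
    return policy, rules

def verdict(text, src, proto, sport, dport, state="NEW"):
    """First matching rule decides; otherwise the chain policy applies."""
    p = dict(src=src, proto=proto, sport=sport, dport=dport, state=state)
    policy, rules = parse(text)
    for conds, target in rules:
        if all(TESTS[o](v, p) != neg for o, v, neg in conds):
            return target
    return policy
```

`verdict(PAGE_DENY, "203.0.113.5", "tcp", 53, 21)` returns `ACCEPT`, while the same packet against `STATEFUL` or `PAGE_ALLOW` returns `DROP`; a DNS reply in state `ESTABLISHED` is accepted by all three.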