A few months ago I blocked access to my server via ports 22 and 21 because I didn't feel comfortable with FTP. I had a few entries in my log files of people trying to access my server via FTP, and although they didn't gain access I decided to block it anyway. But it's a real pain, because if I want to FTP anything I have to log on and enable access to that port in the firewall config first, then disable it again. Is there any way to ensure that FTP is secure enough to leave it open?
A really simple solution to this would be to use TCP wrappers.
Make the FTP server listen to hosts.deny/allow and then add something like this into hosts.deny:
ALL: ALL
and something like this into hosts.allow:
Just add the IPs that you want to allow into there. You can also use something like this: ALL: 127.0 so you don't have to manually fix that setting every time the client's IP changes.
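
As an added example (not part of the original posts), here is a simplified Python model of how TCP wrappers evaluates the two files suggested above: hosts.allow is checked first, then hosts.deny, and a client matching neither is allowed. The daemon name vsftpd and all addresses are constructed sample values, and only ALL, exact addresses, trailing-dot prefixes and net/mask patterns are modelled.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Daemon name "vsftpd" and all addresses below are constructed assumptions.
import ipaddress

HOSTS_DENY = "ALL: ALL"
HOSTS_ALLOW = """
# one fixed client, plus a whole prefix for a client whose address changes
vsftpd: 192.0.2.10
vsftpd: 198.51.100.
"""

def parse(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]          # ignore optional shell command
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # address prefix needs the trailing dot
        return ip.startswith(pattern)
    if "/" in pattern:                        # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip                      # otherwise an exact match only

def matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def decide(allow_text, deny_text, daemon, ip):
    if matches(parse(allow_text), daemon, ip):
        return "allow"                        # hosts.allow wins when it matches
    if matches(parse(deny_text), daemon, ip):
        return "deny"
    return "allow"                            # matching neither file grants access

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip, decide(HOSTS_ALLOW, HOSTS_DENY, "vsftpd", ip))
```

On a host with the TCP wrappers utilities installed, tcpdmatch can be used to check the real files the same way before relying on them.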