Jack wrote:
Correct me if I'm wrong, but the simple firewall rules posted earlier would effectively break ftp. Wouldn't the unpriviledged ports also be blocked? Wouldn't you need to specifically allow the unpriviledged ports for either active or passive ftp? Wouldn't you need to allow outbound ports also? I don't remember all the rules posted, but I would think that the default rule would be to drop inbound and outbound unused ports.
AFAIK, the firewall rules that Chris posted premit all outbound traffic. Assuming that you're firewalling the client and not the server, this would allow passive FTP connections since they originate from the client. To allow active connections in from the server to the client you'd have to enable some sort of connection traffic.