Permit rule allowing outbound FTP client connections from the local host (9.1.1.1) to a remote FTP server (9.1.1.2):
IpFilterRule FTP-client
{
  IpSourceAddr 9.1.1.1
  IpDestAddr 9.1.1.2
  IpService
  {
    SourcePortRange 1024 65535
    DestinationPortRange 21
    Protocol tcp
    Direction bidirectional OutboundConnect
    Routing local
    SecurityClass 0
  }
  IpService
  {
    SourcePortRange 1024 65535
    DestinationPortRange 20
    Protocol tcp
    Direction bidirectional InboundConnect
    Routing local
    SecurityClass 0
  }
  IpGenericFilterActionRef permit
}
Normal (non-passive mode) FTP requires that the FTP client be allowed to initiate outbound connections to port 21 (the control connection, covered by the first IpService block) and to receive inbound connections from port 20 (the data connection, covered by the second IpService block). The IpGenericFilterAction permit block that the rule references must be defined elsewhere, in either the common or the stack-specific IP security configuration file:
IpGenericFilterAction permit
{
  IpFilterAction permit
}
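The requirement that every IpGenericFilterActionRef resolve to a defined IpGenericFilterAction can be checked mechanically before a policy is installed. The following is an added example, not part of the original sample or of any vendor tooling; it assumes the brace-on-its-own-line layout shown above and that `#` starts a comment, and the `Orphan` rule and `permit-log` name are constructed for illustration.

```python
# Constructed sample: a trimmed copy of the rule above plus a rule whose
# action reference is never defined.
SAMPLE = """
IpFilterRule FTP-client
{
  IpService
  {
    DestinationPortRange 21
  }
  IpGenericFilterActionRef permit
}
IpFilterRule Orphan
{
  IpGenericFilterActionRef permit-log
}
IpGenericFilterAction permit
{
  IpFilterAction permit
}
"""

def parse_blocks(text):
    """Return [(keyword, name, [(key, value), ...])] for each top-level block."""
    blocks, depth, header = [], 0, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        if line == "{":
            depth += 1
            if depth == 1:  # opening brace of a top-level block
                kw, _, name = header.partition(" ")
                blocks.append((kw, name.strip(), []))
        elif line == "}":
            depth -= 1
        elif depth == 0:
            header = line  # e.g. "IpFilterRule FTP-client"
        else:  # statement inside a block; nested IpService contents are flattened
            key, _, value = line.partition(" ")
            blocks[-1][2].append((key, value.strip()))
    if depth != 0:
        raise ValueError("unbalanced braces")
    return blocks

def dangling_action_refs(text):
    """List (rule name, action name) pairs whose referenced action is undefined."""
    blocks = parse_blocks(text)
    defined = {name for kw, name, _ in blocks if kw == "IpGenericFilterAction"}
    return [(rule, val) for kw, rule, stmts in blocks if kw == "IpFilterRule"
            for key, val in stmts
            if key == "IpGenericFilterActionRef" and val not in defined]
```

Because the action may live in either the common or the stack-specific file, pass the concatenated text of both files to `dangling_action_refs`.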