I have a webserver running on CentOS 6.6. Recently Config Server Security Firewall sent me over 150 emails about some malicious bots trying to guess my clients' FTP users and passwords. I hate brute-force attacks, and I tried to change my FTP port from 21 to ****. I configured my pureftpd.conf:
# IP address/port to listen to (default=all IP and port 21).
Bind *** # My New Port Here Without 127.0.0.1
Then I allowed the new port in my csf config file in all of TCP_IN, TCP_OUT, UDP_IN, UDP_OUT, for both IPv4 and IPv6, and added iptables rules following resources:
iptables -A INPUT -p tcp --dport newport -j ACCEPT
iptables -A OUTPUT -p tcp --dport newport -j ACCEPT
iptables -A INPUT -p udp --dport newport -j ACCEPT
iptables -A OUTPUT -p udp --dport newport -j ACCEPT
service iptables save
service iptables restart
After the changes I restarted pureftpd and csf. Now when I try to connect to my FTP server via FileZilla 3.9.0.6, it gives me this answer:
Response: 227 Entering Passive Mode (*,*,*,*)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing