"What can I do to restrict access to my FTP server?"
Question:
Since upgrading to TCPware 5.6, there is no longer an FTP service. I used to add an access list to the FTP service but now that there is no service I can not do this. What can I do to restrict access to my FTP server?
Answer:
The new FTP server no longer runs as a service added via the NETCU ADD SERVICE commands like the previous FTP server. The new FTP server runs as a separate process named TCPware_FTP. Restricting access to the FTP server requires using a packet filter. The example below is of a filter file that you can use as a template to help set up one that matches your needs. The comments in it describe what each line does. The filter file should be named TCPWARE:FILTER-line-ID.DAT, replacing line-ID with the TCPware line-ID in use on your system.
For example: TCPWARE:FILTER-EWA-0.DAT.
The command NETCU SHOW NETWORK lists the lines configured on your system. TCPWARE:STARTNET.COM adds the filter automatically during startup if the filter file has a proper name. You can add the filter manually using the NETCU ADD FILTER command. For example:
$ NETCU SET FILTER EWA-0 TCPWARE:FILTER-EWA-0.DAT
! begin filter-LINEID.dat
!
! permit only IP addresses on the 192.1.1.0/24 network to FTP to this system
!
! Action proto saddr smask daddr dmask dport
!
permit tcp 192.1.1.0 255.255.255.0 0 0 eq 21
!
! Permit IP address 196.22.19.2 to FTP to this system
!
permit tcp 196.22.19.2 255.255.255.255 0 0 eq 21
!
! permit outgoing (established) FTP connections
!
permit tcp 0 0 0 0 eq 21 established
!
! Deny all other FTP connections
!
deny tcp 0 0 0 0 eq 21
!
! Let all other IP traffic go through
!
permit ip 0 0 0 0
!
! End filter-LINEID
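To check a filter file offline before loading it, the added example below (not TCPware code and not part of the original answer) parses the rule lines shown above and reports which rule decides a given packet. It assumes rules are evaluated top to bottom with the first match winning, that a packet matching no rule is denied, and that `established` means the packet belongs to an existing connection; `parse_filter` and `decide` are hypothetical helper names.

```python
import ipaddress

# Rule lines copied from the page's filter file ("!" comment lines omitted).
FILTER_TEXT = """\
permit tcp 192.1.1.0 255.255.255.0 0 0 eq 21
permit tcp 196.22.19.2 255.255.255.255 0 0 eq 21
permit tcp 0 0 0 0 eq 21 established
deny tcp 0 0 0 0 eq 21
permit ip 0 0 0 0
"""

def _ip(text):
    # A bare "0" stands for 0.0.0.0 (any address when used with a 0 mask).
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def parse_filter(text):
    """Parse 'action proto saddr smask daddr dmask [eq port] [established]'."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("!"):
            continue  # blank line or comment
        if len(f) < 6 or f[0] not in ("permit", "deny"):
            raise ValueError(f"malformed rule: {line!r}")
        rest, port = f[6:], None
        if rest[:1] == ["eq"] and len(rest) >= 2:
            port, rest = int(rest[1]), rest[2:]
        if rest not in ([], ["established"]):
            raise ValueError(f"unsupported tokens in rule: {line!r}")
        rules.append((f[0], f[1], _ip(f[2]), _ip(f[3]), _ip(f[4]), _ip(f[5]),
                      port, bool(rest)))
    return rules

def decide(rules, proto, src, dst, dport=None, established=False):
    """Action of the first matching rule; 'deny' when nothing matches (assumed)."""
    s, d = _ip(src), _ip(dst)
    for action, rproto, saddr, smask, daddr, dmask, port, est in rules:
        if rproto not in ("ip", proto):
            continue
        if (s & smask) != (saddr & smask) or (d & dmask) != (daddr & dmask):
            continue
        if port is not None and dport != port:
            continue
        if est and not established:
            continue  # rule only covers packets of an existing connection
        return action
    return "deny"

RULES = parse_filter(FILTER_TEXT)
```

Under these assumptions, moving the `deny tcp ... eq 21` line above the two source-specific permits would block every new FTP connection, which is the ordering mistake this check catches.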