View Single Post
  #7   (View Single Post)  
Old 26th May 2009
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336
Default

You can try

Code:
pass in quick on $ext_if inet proto tcp from any to $ext_if port 49162:65535 flags S/SA keep state
If at all possible I would limit the passive portrange used by ProFTPd as much as possible to cut down on the number of open ports allowed direct access from the outside. Maybe opening 10-20 ports is enough. Adjust pf.conf to that smaller port range. Do not adjust the sysctl settings to a lower port range, because they apply to all programs opening high ports, and you may run out of them.
Reply With Quote