Securing a ProFTPD server

If you are looking for ways to lock-down your ProFTPD server without using iptables this may help. I recently had to find a way of securing a VPS without iptables. The ftp server only needed to be accessed by a few known users so I ended up with two reasonable possibilities.

• Switch ftp on and off manually as and when it was needed (most secure)
• Configure ProFTPd to only allow connections from specific IP's

I opted for the last choice. To configure this you need to modify the /etc/proftpd.conf file by adding a directive. I added it to the the Scope.

<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>

<LIMIT LOGIN>
Order Allow,Deny
Allow from xxx.xxx.xxx.xxx (IP's to allow)
Deny from all
</LIMIT>

</Global>

Hope this helps someone!