"Running a public FTP site securely can be difficult. Taking
full advantage of the security features supported by your FTP
server application of choice can be a chore, and even then there's
a good chance that sooner or later vulnerabilities will come to
light, making all that work for naught. So what else can you do?
"One important technique is to run an FTP proxy on your
firewall. Whereas the standard Netfilter code in the Linux kernel
only inspects packets, an FTP proxy lets your firewall act as an
intermediary in all FTP transactions. This increases your
protection against buffer overflows and many other kinds of FTP
attacks. It also allows you to restrict which FTP commands are
executed by FTP clients.
"This month I explain how to run SuSE's free (and
non-SuSE-Linux-specific) Proxy-Suite FTP proxy on your Linux
firewall, adding transparent but strong protection to all your FTP