Bridged IPF Config Example Cont.
Kyle Amon, Page 18

/etc/ipf.rules continued

#--------------------------------------------------------------------.
# Allow FTP connections from anywhere to ftpserver                   |
#--------------------------------------------------------------------+
#
# For ftp control connections to the ftp server:
#
pass in quick on rl0 proto tcp from any to 192.168.0.15 port = ftp flags S keep state
#
# For PASV ftp-data connections to the ftp server:
#
#   o When using OpenBSD's ftpd(8) server, ports allocated on the
#     server are limited from 49152 to 65535 by IPPORT_HIFIRSTAUTO
#     and IPPORT_HILASTAUTO defines in .  These default
#     values may be dynamically altered via net.inet.ip.porthifirst
#     and net.inet.ip.porthilast sysctl(8) options.
#
#   o When using the wu-ftpd server, ports allocated on the server
#     should be limited from N to N with wu-ftpd's "passive ports"
#     option in the /etc/ftpaccess file like so...
#
#       # Limit PASV ftp-data ports for firewall rules.
#       passive ports 0.0.0.0/0 50000 65535
#
pass in quick on rl0 proto tcp from any to 192.168.0.15 port >= 49152 flags S keep state
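
Added example, not part of the original slides: a Python check that the wu-ftpd "passive ports" range and the ipf PASV rule agree, reporting server ports the rule does not admit and ports the rule opens that the server never uses. The function names are hypothetical and the two input strings are the values shown in the rules file above; with those values the rule leaves 49152 through 49999 open although wu-ftpd only allocates from 50000.

```python
import re

# Constructed inputs: the PASV rule and the ftpaccess line shown in the rules file.
IPF_RULE = ("pass in quick on rl0 proto tcp from any to 192.168.0.15 "
            "port >= 49152 flags S keep state")
FTPACCESS_LINE = "passive ports 0.0.0.0/0 50000 65535"

def ipf_port_range(rule):
    """Inclusive (low, high) destination ports admitted by a rule that uses a
    single numeric comparison (=, >=, >, <=, <); other forms are rejected."""
    m = re.search(r"\bto\s+\S+\s+port\s*(>=|<=|=|>|<)\s*(\d+)\b", rule)
    if not m:
        raise ValueError("no supported destination port comparison in rule")
    op, n = m.group(1), int(m.group(2))
    return {"=": (n, n), ">=": (n, 65535), ">": (n + 1, 65535),
            "<=": (0, n), "<": (0, n - 1)}[op]

def passive_range(line):
    """Parse wu-ftpd's 'passive ports <cidr> <min> <max>' ftpaccess line."""
    m = re.fullmatch(r"\s*passive\s+ports\s+\S+\s+(\d+)\s+(\d+)\s*", line)
    if not m:
        raise ValueError("not a 'passive ports' line")
    low, high = int(m.group(1)), int(m.group(2))
    if not 0 < low <= high <= 65535:
        raise ValueError("invalid passive port range")
    return low, high

def subtract(a, b):
    """Inclusive interval a minus interval b, as a list of inclusive intervals."""
    (a_lo, a_hi), (b_lo, b_hi) = a, b
    if b_hi < a_lo or b_lo > a_hi:
        return [a]
    out = []
    if a_lo < b_lo:
        out.append((a_lo, b_lo - 1))
    if b_hi < a_hi:
        out.append((b_hi + 1, a_hi))
    return out

def compare(rule, ftpaccess_line):
    """blocked: server PASV ports this rule does not admit; unused: ports the
    rule admits that the server will never listen on."""
    allowed, served = ipf_port_range(rule), passive_range(ftpaccess_line)
    return {"blocked": subtract(served, allowed),
            "unused": subtract(allowed, served)}

if __name__ == "__main__":
    print(compare(IPF_RULE, FTPACCESS_LINE))
```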