when i run ftp service at port 21: apf dont drop connections from port 20 -.> going to client high port (ftp data connection)

but when i bind ftp to other port, like 8321, then apf drop this packets.

apf.tcp.outbound there arent those user high ports defined (i dont want to allow connections from system to all ports)... so it make sense it dont work |BUT| IT ACTUALLY DOES WHEN FTP IS AT PORT 21.

strange, any idea why this can be ? probably some hidden config ?

(ofcourse it works fine for passive, cos i can define which ports will be used in both ftp & apf, but i need active connection)

thank you

-dex