To resolve the issue with APF and proftpd connections, you can try the same fix that works with CSF. Simply open up that gigantic hole in the firewall.
Unfortunately, this is a problem with software not following standard rules (i.e., restricting connections to a certain port).
Alternatively, you can use SFTP (ftp over ssh2) which should solve that issue as well.
Are you using APF in monolithic mode? If so, there is your problem. In a real-world situation with conntrack_ftp, the system should open the ports for FTP as needed.
Steven Ciaburri | Industry's Best Server Management- Rack911.com
In APF I already opened the TOS range for 45000:50000, for example (having 5000 ports only for the FTP daemon), then also opened those in the ingress rules... and I am still having the same issue. This problem happens even if I use proftp on the standard port or on a different one.
Also, I don't have monolithic mode on: SET_MONOKERN="0".
Anyway, do you know another good firewall for Ensim and plain RedHat servers?
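A check related to the setup discussed in this thread, as an added example that is not part of any post: it compares the passive port range the FTP daemon is told to use with the ports the firewall's ingress list admits, and reports any part of the range left uncovered. It assumes proftpd's `PassivePorts` directive and APF's `IG_TCP_CPORTS` list with ranges written `low_high` (neither is quoted in the thread); the config text and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread).
PROFTPD_CONF = """\
Port 21
# PassivePorts 1024 2000
PassivePorts 45000 50000
"""
APF_CONF = """\
SET_MONOKERN="0"
IG_TCP_CPORTS="21,22,80,443,45000_49000"
"""

def passive_range(proftpd_text):
    """Return (low, high) from the first active PassivePorts line, or None."""
    for line in proftpd_text.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.IGNORECASE)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def apf_ingress_ranges(apf_text, var="IG_TCP_CPORTS"):
    """Parse the comma list; assumed APF syntax: single ports or low_high."""
    m = re.search(r'^\s*%s="([^"]*)"' % re.escape(var), apf_text, re.MULTILINE)
    ranges = []
    for item in (m.group(1).split(",") if m else []):
        item = item.strip()
        if item:
            low, _, high = item.partition("_")
            ranges.append((int(low), int(high or low)))
    return sorted(ranges)

def uncovered(passive, allowed):
    """Return the sub-ranges of `passive` that no ingress entry admits."""
    (low, high), gaps = passive, []
    cursor = low
    for a, b in sorted(allowed):
        if b < cursor or a > high:
            continue  # entry lies entirely outside what is still unchecked
        if a > cursor:
            gaps.append((cursor, a - 1))
        cursor = b + 1
    if cursor <= high:
        gaps.append((cursor, high))
    return gaps

if __name__ == "__main__":
    gaps = uncovered(passive_range(PROFTPD_CONF), apf_ingress_ranges(APF_CONF))
    print("passive ports not admitted by the firewall:", gaps or "none")
```

An empty result means the whole passive range is admitted; any tuple returned is a span of data ports the firewall would still drop.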