The geekoops-pureftpd role is a configurable ansible role for setting up a
PureFTPd ftp server. I choose
PureFTPd because it appears to be more secure than
ProFTPd. In comparison to
vsftp, one server program can run both IPv4 and IPv6.
This role works on openSUSE Leap.
PureFTPd is a highly configurable ansible role. See the following list of possible variables, but you probably don’t need much of them.
|Apply firewall rules|
|Firewall zone where ftp will be allowed||public|
|Maximum number of anonymous clients||10|
|Maximum clients per IP address||3|
|Forbid user login||yes|
|Allow PAM authentication||no|
|Maximum idle time in minutes before disconnecting||5|
|Disallow anonymous download if system load is above this value||4|
|Passive port range - lower bound||30000|
|Passive port range - upper bound||30100|
|Use this IP for passive mode, useful if |
|Bind address and port (e.g. |
|Max bandwidth for all users in KB/s|
|Allow login only from this IP|
|Maximum number of open session per user||3|
|Maximum number of open anonymous sessions||20|
|Bind to IPv4 only. By default we bind to IPv4 and IPv6||no|
|Bind to IPv6 only. By default we bind to IPv4 and IPv6||no|
With this example playbook we setup a
PureFTPd server that allows only anonymous access. Because we have only some resources, we allow up to 100 session in parallel.
- hosts: jellyfish user: root roles: - role: geekoops-pureftp vars: config_firewall: true AnonymousOnly: yes PassivePortMin: 30000 PassivePortMax: 31000 MaxAnonSessions: 100