It seems that the currently available iptables
(http://files.directadmin.com/services/all/block_ips/2.0/iptables)
script is missing a rule when the end user tries to log in to the FTP server with his FTP client set to use FTP over TLS.
So after reading
"Because the ftp helper modules must read and modify commands being sent over the command channel, they won't work when the command channel is encrypted through use of TLS/SSL."
from here
http://serverfault.com/questions/234674/setting-up-linux-iptables-for-ftp-pasv-mode-connections
I added
-A INPUT -p tcp --dport 50000:60000 -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
to my iptables. Of course, with the right passive port range in my ftpd configuration.
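
Added example, not part of the original post: a small audit that checks whether the firewall admits NEW connections on exactly the passive range the ftpd hands out, which is what FTP over TLS needs once the helper can no longer read the control channel. It assumes ProFTPD's `PassivePorts` directive as the ftpd setting (the post does not name the ftpd); the sample rules, the config line and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs, not taken from the poster's server.
IPTABLES_RULES = """\
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 50000:60000 -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
"""
PROFTPD_CONF = "PassivePorts 50000 60000\n"  # assumption: ProFTPD is the ftpd

def ftpd_passive_range(conf):
    """Return (low, high) from a ProFTPD PassivePorts directive."""
    for line in conf.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.I)
        if m:
            return int(m.group(1)), int(m.group(2))
    raise ValueError("no PassivePorts directive found")

def accepted_new_tcp_ranges(rules):
    """(low, high) of every INPUT ACCEPT rule that admits NEW tcp connections by --dport."""
    ranges = []
    for line in rules.splitlines():
        tok = line.split()
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if tok[:2] != ["-A", "INPUT"] or opt.get("-j") != "ACCEPT" or opt.get("-p") != "tcp":
            continue
        if "--dport" not in opt:
            continue
        # With an encrypted control channel the helper cannot mark the data
        # connection RELATED, so only rules that also accept NEW count.
        states = opt.get("--state") or opt.get("--ctstate")
        if states and "NEW" not in states.split(","):
            continue
        low, _, high = opt["--dport"].partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit(rules, conf):
    """Count passive ports still blocked and ports opened beyond the ftpd's range."""
    low, high = ftpd_passive_range(conf)
    passive, opened = set(range(low, high + 1)), set()
    for a, b in accepted_new_tcp_ranges(rules):
        if a <= high and b >= low:  # ignore rules unrelated to the passive range
            opened |= set(range(a, b + 1))
    return {"blocked": len(passive - opened), "excess": len(opened - passive)}

if __name__ == "__main__":
    print(audit(IPTABLES_RULES, PROFTPD_CONF))
```

A non-zero `blocked` count means FTPS data connections on those ports will be dropped; a non-zero `excess` count means the firewall exposes more ports than the ftpd will ever use.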