To open the FTP ports (port 21 and port 20) using iptables, you can use the following commands:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
These commands will allow incoming TCP connections on port 21 (the FTP control port) and port 20 (the FTP data port).
It's worth noting that these rules will only allow incoming connections to the FTP server. If you want to allow the FTP server to initiate outbound connections, you will also need to allow outgoing connections on these ports. You can do this by adding the following rules:
iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
These rules allow outgoing TCP traffic from the FTP server whose source port is 21 or 20.
Note that rules added with the iptables command are not persistent, so if you reboot your system or restart the iptables service, your rules will be lost. To make the rules persistent, you can use the iptables-save and iptables-restore commands to save the current rules to a file and restore them on boot.
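One way to check that a saved rule file really contains the four rules above before relying on iptables-restore at boot. This is an added example, not part of the original page; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the page's four FTP rules are absent from
# an iptables-save style dump read on stdin. Works on text only, no root.

# Constructed sample dump (not from a real host). iptables-save writes the
# implicit "-m tcp" match, so saved lines differ from the typed commands.
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
COMMIT
EOF
}

# has_rule CHAIN FLAG PORT: succeed if stdin holds exactly that ACCEPT rule,
# with or without the "-m tcp" that iptables-save inserts.
has_rule() {
    grep -Eq -- "^-A $1 -p tcp( -m tcp)? $2 $3 -j ACCEPT\$"
}

# missing_ftp_rules: print one line per expected rule not found on stdin.
missing_ftp_rules() {
    dump=$(cat)
    for spec in "INPUT --dport 21" "INPUT --dport 20" \
                "OUTPUT --sport 21" "OUTPUT --sport 20"; do
        set -- $spec   # split "CHAIN FLAG PORT" into $1 $2 $3
        printf '%s\n' "$dump" | has_rule "$1" "$2" "$3" \
            || echo "missing: -A $1 -p tcp $2 $3 -j ACCEPT"
    done
}

# Demo on the constructed dump; on a real host: iptables-save | missing_ftp_rules
sample_dump | missing_ftp_rules
# prints: missing: -A OUTPUT -p tcp --sport 20 -j ACCEPT
```

An empty result means all four rules are present in the dump in exactly the form shown on this page; rules carrying extra matches (for example a source address) are reported as missing.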
It's also worth noting that the iptables command is deprecated in many modern Linux distributions in favor of nftables. If you are using a recent version of Linux, you may want to consider using nftables instead.