gratefulhemp, you need someone to take on the responsibility for fw administrator for this type of thing.
I don't know of a safe way to implement what you're describing without giving that person a lot more power as a side-effect. (i.e., you can make them a sudoer to mess with fw rules, but that's a hell of a lot of power in and of itself.)
Can you describe more the circumstances and business problem you're trying to solve? If you're comfortable opening port 21 for brief transfers, is there not a "safe" subnet you can add to the rules for access to that port?
Last edited by anomie; 03-05-2007 at 04:37 PM.