1. Ask yourself what "connecting to a box" means. What do you need server-side to be able to connect to a port? An open port. What is an open port? A port that allows receiving traffic. Why does it allow receiving traffic? Because server-side there is an application which is listening on that port. What if I have a daemon running and the port registers as closed? Then there's no daemon listening, or it's firewalled. What if I have a daemon running and the port registers as filtered? Then it's firewalled. If a port is open, but is marked as filtered in nmap, can I connect to it? No. Are there any other ways to still be able to connect to a filtered port? Try reading something that includes the phrase "trusted hosts".
2. Safe considering what? If your ftpd has no built-in mechanisms to allow/deny hosts/ranges access then, yes if it has TCP Wrappers support or is run tru xinetd then it is your only option besides proper firewalling. Remember you don't have to worry about the world being able to connect to your box, but now you have to worry about who connects to you from those allowed hosts :-]
Last edited by unSpawn; 11-02-2002 at 02:03 PM.