I'm getting better at iptables and have learn how to use FTP passive and securing the port ranges so only FTP is used. I can't seem to do this for QBittorrent but I thought I would share. Only one rule

I have checked my systems for the open ports and they are closed and only opened for the specified ip address above.

A BitTorrent program doesn't use FTP so needs wholly different ports to be open.
But yes, "passive" FTP only uses a single port/service: 21 (the "active" variant uses 20 too, for the returned data). Note that ftps (secure with ssl/tls) uses two different ports: 990 control and 989 for the data channel.

1 members found this post helpful.

Both active and passive FTP use an additional connection (with dynamic ports) for data transfer, the difference is the direction: in active mode, the client (!) opens a listening port and the server initiates the data connection to this port (this is often a problem behind firewalls and/or NAT), in passive mode it's the other way around (so it's like the initial control connection on port 21).

iptables has helper modules for ftp (nf_conntrack_ftp/nf_nat_ftp) which read the port numbers from the control connection (and thereby only works for unencrypted ftp, not ftps), so you only need to allow tcp port 21 (for the initial data connection) and RELATED connections (though it's still a good idea to restrict those allowed "related" port numbers to 1024-65535).

1 members found this post helpful.

This is why I posted, I didn't need to modprobe anything, just the one rule/command. Thanks and your input has been valuable.