# iptables -S
# Host firewall listing: inbound and forwarded packets are dropped unless a
# rule below accepts them; outbound traffic is unrestricted.
# NOTE(review): iptables only covers IPv4; the ip6tables rule set is not shown
# here and should be checked separately if the host has IPv6 addresses.
# NOTE(review): no LOG rule is listed, so packets dropped by the INPUT policy
# leave no record for later investigation.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# NOTE(review): accepts every ICMP type from any source; consider limiting to
# the types actually needed (e.g. echo-request) and rate-limiting them.
-A INPUT -p icmp -j ACCEPT
# NOTE(review): in active-mode FTP the server opens the data connection outward
# from source port 20 (see connect_from_port_20 in vsftpd.conf), so an inbound
# rule for destination port 20 is probably unnecessary; confirm before removing.
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
# FTP control channel, open to any source address. FTP is clear text unless the
# daemon is configured for TLS.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# SSH, open to any source address.
# NOTE(review): consider restricting with -s to known admin networks.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# HTTP.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Passive-mode FTP data ports; this range has to stay identical to
# pasv_min_port / pasv_max_port in vsftpd.conf.
-A INPUT -p tcp -m tcp --dport 10000:10100 -j ACCEPT
# Replies to connections the host already has open (including the outbound
# active-mode data connections). It is listed last, which still works because
# every rule above it is an ACCEPT. "-m state" is the legacy spelling of
# "-m conntrack --ctstate".
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): on init-script based systems a restart reloads the saved rule
# set, so rules added only at runtime would be lost unless they were saved
# first; confirm how this host persists its rules.
service iptables restart
# Edit the vsftpd configuration; the settings below enable both FTP
# data-connection modes and pin the passive port range.
vi /etc/vsftpd.conf
# Allow active mode: the client sends PORT and the server connects back to it.
port_enable=YES
# Active-mode data connections leave the server from source port 20.
connect_from_port_20=YES
# Allow passive mode: the client connects to a port chosen by the server.
pasv_enable=YES
# Passive port range; same range the firewall accepts (--dport 10000:10100).
# Keeping it narrow limits how many inbound ports have to be exposed.
pasv_min_port=10000
pasv_max_port=10100
# NOTE(review): nothing shown here enables TLS, so credentials and file data
# travel in clear text unless ssl_enable=YES (with a certificate) is set
# elsewhere in the file. SFTP over the SSH port already open is an alternative.
# NOTE(review): anonymous_enable is not shown; verify it is NO unless anonymous
# access is intended.
service vsftpd restart