I've read the posts from last year and to be honest there was no help there other than log all packets or put the firewall into learning mode... which did nothing and offered no help at all. The age old question on firewalls that arent quite statefull, how do I create an FTP rule to allow both Active and Passive FTP (or rule for each). Ports 20~21... easy but Active then uses high random ports and these get blocked with no log what so ever... other than disable the firewall and watch the activity to THEN see them running quite happily. So, FTP, how do we do it then, please. And no I'm not putting an IP in an exception list... I just want ftp to work seamlessly like it does elsewhere. please?