FTP transfer prohibition configuration example
Network requirements
As shown in Figure 34, configure the router to prohibit PCs from uploading files to or downloading files from the FTP server.
Figure 34: Network diagram
![](images/image34.png)
Configuration procedure
# Configure the classifier ftpclass for matching FTP packets.
<Router> system-view [Router] traffic classifier ftpclass [Router-classifier-ftpclass] if-match protocol ftp [Router-classifier-ftpclass] quit
# Configure a packet filtering behavior.
[Router] traffic behavior deny [Router-behavior-deny] filter deny [Router-behavior-deny] quit
# Configure a QoS policy to match and filter FTP packets.
[Router] qos policy ftppolicy [Router-qospolicy-ftppolicy] classifier ftpclass behavior deny [Router-qospolicy-ftppolicy] quit
# Enable DAR for traffic recognition, and apply the QoS policy to the incoming traffic of Ethernet 1/1.
[Router] interface ethernet 1/1 [Router-Ethernet1/1] dar enable [Router-Ethernet1/1] qos apply policy ftppolicy inbound
Run FTP client software on a PC. You can see the PC cannot use FTP for uploading or downloading files.