I have a rhetorical question regarding packet filtering for passive FTP.

Currently we have only ports 20 and 21 open for FTP. As you
probably realize, when a web page has a link to FTP I must copy the link
location into an FTP client to carry out the transfer. That's okay, but
it can get tedious when downloading a lot of files. I read TID 10013813,
which describes opening ports 1024-65535 on TCP for the data in passive
mode. To me, it seems counter-productive to have all of these ports open,
albeit they are high ports. Is it the fact that it is TCP, and therefore
connection-based, that mitigates the danger of having such a wide range of
ports open? Or is it okay in general to have high ports open?

Thanks for humoring me.
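The alternative to a static 1024-65535 rule is stateful FTP inspection: the filter watches the control channel for the server's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply (RFC 959) and opens only that one port, for that one client. The following added example (not from the original post, with constructed addresses 10.0.0.5 and 192.0.2.10 and a constructed 227 reply) models both filters so the difference in exposed ports can be counted:

```python
import re
from dataclasses import dataclass, field

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str):
    """Return (ip, port) announced by a 227 reply, or None if it is not a valid one."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if not all(0 <= x <= 255 for x in (h1, h2, h3, h4, p1, p2)):
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


@dataclass
class StaticFilter:
    """Models the TID advice: any outbound TCP to 1024-65535 is permitted, always."""
    def allows(self, src_ip, dst_ip, dst_port):
        return 1024 <= dst_port <= 65535


@dataclass
class FtpPinholeFilter:
    """Models stateful FTP inspection: a port is opened only after the server announced it."""
    pinholes: set = field(default_factory=set)

    def observe_control(self, client_ip, server_ip, reply):
        parsed = parse_pasv(reply)
        if parsed is None:
            return
        ip, port = parsed
        if ip != server_ip:
            return  # only honour an address that matches the control-channel peer
        self.pinholes.add((client_ip, server_ip, port))

    def allows(self, src_ip, dst_ip, dst_port):
        return (src_ip, dst_ip, dst_port) in self.pinholes

    def close(self, client_ip, server_ip, port):
        self.pinholes.discard((client_ip, server_ip, port))  # data connection finished


def exposed_port_count(filt, client_ip, server_ip):
    """Number of server ports this client could reach through the filter right now."""
    return sum(1 for p in range(1, 65536) if filt.allows(client_ip, server_ip, p))
```

With the constructed reply the static rule leaves 64512 ports reachable at all times, while the pinhole filter leaves one port reachable only between the 227 reply and the end of the transfer.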