How to enable passive ports on your pure-ftpd server and CSF Firewall
When transferring files on/from your ftp server you will need to have passive ports specified and allowed in the firewall.

Firstly lets edit pure-ftpd configuration file

nano /etc/pure-ftpd/pure-ftpd.conf

Uncomment (remove # at beginning of the line) PassivePortRange and specify the passive port range:

PassivePortRange 35000 50000

Restart pure-ftpd to load the new configuration

service pure-ftpd restart


Next steep is to set the CSF firewall configuration
In file /etc/csf/csf.conf add the same port range under TCP_IN and TCP_OUT

nano /etc/csf/csf.conf

In lines TCP_IN and TCP_OUT add 30000:50000, example

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000,6666"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,30000:50000,993,995"

Now lets reload csf firewall configuration

csf -r

that is it, enjoy!