Hey Rob,
FTP uses two ports, TCP 20 (ftp-data) and TCP 21 (control). The client will initiate a connection to the server on port 21 and the server will open a data connection on client port 20. Unless using passive FTP, in which the server will respond back with a random port for the client to connect to for data.
If using standard FTP, the ACL would look something like:
vlan access-map VMAP 10
 action forward
 match ip address 110
! allow inside host to connect to ftp servers
access-list 110 permit tcp 10.10.10.0 0.0.0.255 any eq 21
! allow ftp server to connect to hosts
access-list 110 permit tcp any 10.10.10.0 0.0.0.255 eq 20
The result of this VLAN access-map is that FTP will be allowed and all other traffic will be dropped due to the implicit deny at the end of the access-map. You'll need to add additional access-map statements to accommodate other traffic.
Hope this helps.
Kevin
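
An added example, not part of Kevin's post: a small Python model that runs constructed packets of one FTP session through the two posted ACEs and through a hypothetical four-ACE variant that also matches on source ports. It assumes the VLAN map is evaluated per packet with no connection state, for traffic in either direction, and that in active mode the server sources the data connection from TCP 20 to the port the client advertised; the server address 192.0.2.10, the client ports and all function names are made up.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.10.10.0/24")  # "10.10.10.0 0.0.0.255" in the post

# Each ACE: (source net, source port, destination net, destination port); None = any port.
ACL_POSTED = [
    (INSIDE, None, ANY, 21),   # permit tcp 10.10.10.0 0.0.0.255 any eq 21
    (ANY, None, INSIDE, 20),   # permit tcp any 10.10.10.0 0.0.0.255 eq 20
]
# Hypothetical variant (not from the post) that also matches on source ports.
ACL_BOTH_LEGS = [
    (INSIDE, None, ANY, 21),   # control, client -> server
    (ANY, 21, INSIDE, None),   # control, server -> client
    (ANY, 20, INSIDE, None),   # active data, server -> client
    (INSIDE, None, ANY, 20),   # active data, client -> server
]

# Constructed packets: (src ip, src port, dst ip, dst port).
SESSION = {
    "control, client -> server": ("10.10.10.5", 50000, "192.0.2.10", 21),
    "control, server -> client": ("192.0.2.10", 21, "10.10.10.5", 50000),
    "active data, server -> client": ("192.0.2.10", 20, "10.10.10.5", 50001),
    "active data, client -> server": ("10.10.10.5", 50001, "192.0.2.10", 20),
    "passive data, client -> server": ("10.10.10.5", 50002, "192.0.2.10", 40000),
}

def ace_matches(ace, pkt):
    src_net, ace_sport, dst_net, ace_dport = ace
    src, sport, dst, dport = pkt
    return (ip_address(src) in src_net and ip_address(dst) in dst_net
            and ace_sport in (None, sport) and ace_dport in (None, dport))

def vacl_action(acl, pkt):
    """First matching ACE forwards; anything unmatched hits the implicit deny."""
    return "forward" if any(ace_matches(ace, pkt) for ace in acl) else "drop"

def evaluate(acl):
    return {leg: vacl_action(acl, pkt) for leg, pkt in SESSION.items()}

if __name__ == "__main__":
    for label, acl in (("posted", ACL_POSTED), ("both legs", ACL_BOTH_LEGS)):
        for leg, action in evaluate(acl).items():
            print(f"{label:10} {leg:32} {action}")
```

Source-port ACEs such as `any eq 20` are stateless and match any host that sends from that port, so they widen what the map forwards.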