Is there any way to ftp-proxy an outgoing passive ftp connection through
a default block policy on the internal interface?
The man page suggests that if you don't use -n, ftp-proxy will proxy passive connections. You could filter based on ftp-proxy's user account then.
I haven't tried this.