open FW-port that should be closed

Posted: 20 Dec 2018, 12:23
by trueshanti
Hello,

I need to ask for advice about a weird constellation:

On a DirectAdmin server with CSF I experience that, albeit csf.conf states:

TCP_IN = "20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,7070,7777,10000:20000,49160:49300"
I find port 3306 (TCP) accessible from outside unless mysqld is bound to the 127.0.0.1 interface.

The same is true for rpcbind (port 111/TCP): it should not be open according to TCP_IN, but it is.

That somehow works against my understanding.

My corresponding iptables rules look like this:

# iptables -L -n |grep -E :'111|3306'
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
Has anyone experienced the same? What is my misunderstanding here?

RFC
Best regards
-c-
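A quick way to check this kind of mismatch on any box is to parse the TCP_IN list (including the a:b ranges) and compare it against the tcp dpt ports that iptables actually ACCEPTs. The script below is an added example, not from the original post and not part of CSF; it reuses the TCP_IN value quoted above and a constructed rule listing in place of real `iptables -L -n` output, and the function names (port_allowed, unlisted_accepts) are made up for this example.

```shell
#!/bin/sh
# Added example: audit iptables ACCEPT rules against a csf.conf TCP_IN list.
# TCP_IN is the value from the post; SAMPLE_RULES is constructed, standing in
# for the output of: iptables -L -n

TCP_IN="20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,7070,7777,10000:20000,49160:49300"

# port_allowed PORT LIST
# Returns 0 if PORT is listed in LIST (comma-separated, with lo:hi ranges), else 1.
port_allowed() {
  port=$1
  list=$2
  for item in $(printf '%s' "$list" | tr ',' ' '); do
    case $item in
      *:*)
        lo=${item%%:*}
        hi=${item##*:}
        [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0
        ;;
      *)
        [ "$port" -eq "$item" ] && return 0
        ;;
    esac
  done
  return 1
}

# Constructed listing: 3306 is accepted although it is not in TCP_IN,
# 443 is accepted and listed, 111 is dropped.
SAMPLE_RULES='ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111'

# unlisted_accepts RULES LIST
# Prints every TCP destination port that RULES accepts but LIST does not contain.
unlisted_accepts() {
  printf '%s\n' "$1" |
    awk '$1 == "ACCEPT" && $2 == "tcp" {
           for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) print substr($i, 5)
         }' |
    sort -un |
    while read -r p; do
      port_allowed "$p" "$2" || printf '%s\n' "$p"
    done
}

# Stand-alone usage: list ports that are open in the ruleset but absent from TCP_IN.
# On a live server replace "$SAMPLE_RULES" with "$(iptables -L -n)".
unlisted_accepts "$SAMPLE_RULES" "$TCP_IN"
```

Any port this prints is accepted by a rule that TCP_IN alone does not explain, which is exactly the symptom described for 3306; from there the next step is to look at which chain and rule file that ACCEPT came from rather than at TCP_IN.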

Re: open FW-port that should be closed

Posted: 20 Dec 2018, 14:42
by trueshanti
It looks like CSF is ignoring TCP_IN and opening ports automatically if a service (like sieve) is running... that would be a very grave situation! RFC