open FW-port that should be closed (BUG)

1 post Page 1 of 1
Junior Member
Posts: 4
Joined: 05 May 2014, 10:01

I am referring from a topic that i could not solve at forum-level (i tried). [ ... =11117#top ] :

on a directadmin-server with csf i experience that albeit csf.conf states:
Code: Select all
TCP_IN = "20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,7070,7777,10000:20000,49160:49300"
i find port 3306(TCP) accessible from outside unless mysqld is bound to

same is true for other services like rpcbind (port 111/TCP) - and sieve (port 4190/TCP) - that are not configured to be accessible through the FW according to TCP_IN but are, as soon as the are configured to not exclusivly listen on

that somehow works against my understanding.

my according iptables look like that:
Code: Select all
# iptables -L -n |grep -E :'111|3306'
ACCEPT     tcp  --              ctstate NEW tcp dpt:3306
DROP       tcp  --              tcp dpt:111
DROP       udp  --              udp dpt:111
anyone experienced the same ? what is my misunderstanding here ?

best regards
1 post Page 1 of 1