
open FW-port that should be closed (BUG)

Posted: 23 Dec 2018, 11:48
by trueshanti
I am referring to a topic that I could not solve at forum level (I tried). [ https://forum.configserver.com/viewtopi ... =11117#top ] :

On a DirectAdmin server with csf I experience that, albeit csf.conf states:
TCP_IN = "20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,7070,7777,10000:20000,49160:49300"
I find port 3306 (TCP) accessible from outside unless mysqld is bound to the 127.0.0.1 interface.

The same is true for other services like rpcbind (port 111/TCP) and sieve (port 4190/TCP), which are not configured to be accessible through the FW according to TCP_IN but are, as soon as they are configured to not exclusively listen on 127.0.0.1.

That somehow works against my understanding.

My corresponding iptables rules look like this:
# iptables -L -n |grep -E :'111|3306'
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
Anyone experienced the same? What is my misunderstanding here?

RFC
best regards
-c-
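One way to check the mismatch the post describes is to compare the ports csf.conf's TCP_IN actually allows against the ACCEPT rules iptables really holds. The following Python script is an added example, not code from the post or from csf itself: it expands a csf-style port list (single ports and lo:hi ranges), parses `iptables -L -n` output lines, and reports every tcp ACCEPT rule open to any source whose destination port is not in TCP_IN. The TCP_IN value and the first three iptables lines are taken from the post; the fourth iptables line (port 443) is constructed as a control that should not be reported.

```python
import re

# TCP_IN exactly as quoted in the post (csf.conf inbound allow list)
TCP_IN = ("20,21,25,30,53,80,110,123,143,443,465,587,953,993,995,1935,"
          "3000:3039,3478,3479,5001,5060:5099,5222,5269,5275,5349,7443,"
          "7070,7777,10000:20000,49160:49300")

# `iptables -L -n` lines: the first three are from the post, the last one is constructed
IPTABLES_OUTPUT = """\
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443
"""


def parse_port_list(spec):
    """Expand a csf-style port list such as "80,3000:3039" into a set of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if ":" in item:
            lo, hi = item.split(":", 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(item))
    return ports


# `iptables -L -n` columns: target prot opt source destination [match options...]
_RULE_RE = re.compile(
    r"^(?P<target>\S+)\s+(?P<proto>\S+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<opts>.*)$"
)
_DPT_RE = re.compile(r"\bdpt:(\d+)\b")


def parse_rules(text):
    """Return (target, proto, src, dport) for every rule line that carries a dpt: match."""
    rules = []
    for line in text.splitlines():
        m = _RULE_RE.match(line)
        if not m:
            continue
        d = _DPT_RE.search(m.group("opts"))
        if not d:
            continue  # rules without a destination port (chain jumps, state rules) are skipped
        rules.append((m.group("target"), m.group("proto"), m.group("src"), int(d.group(1))))
    return rules


def unexpected_accepts(tcp_in_spec, iptables_text):
    """Sorted (port, source) pairs for tcp ACCEPT rules from any source not covered by TCP_IN."""
    allowed = parse_port_list(tcp_in_spec)
    hits = set()
    for target, proto, src, dport in parse_rules(iptables_text):
        if target == "ACCEPT" and proto == "tcp" and src == "0.0.0.0/0" and dport not in allowed:
            hits.add((dport, src))
    return sorted(hits)


if __name__ == "__main__":
    for port, src in unexpected_accepts(TCP_IN, IPTABLES_OUTPUT):
        print(f"ACCEPT for tcp/{port} from {src} is not covered by TCP_IN")
```

Run against the posted rules it flags tcp/3306 and nothing else. Because `iptables -L -n` without a chain name prints every chain back to back (and the post's grep dropped the chain headers), a hit only tells you that an ACCEPT exists somewhere; `iptables -L INPUT -n --line-numbers` or `iptables -S INPUT` shows which chain and position it sits in, which is what you need to trace the rule back to the csf setting or DirectAdmin hook that created it.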