FTP and UDP ports
The FTP protocol doesn't use UDP at all, so it isn't any surprise that cPanel's documentation doesn't suggest that you open port 20 and 21 UDP on the firewall.
How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation
However...
I've been looking at our software firewall configs and I noticed that the CSF default has UDP ports 20 and 21 open.
I wonder if there is something specific to Pure-FTP that requires these ports to be open? When looking around for info about this, I have seen several websites that suggest UDP ports 20 and 21 should be enabled for both inbound and outbound on a cpanel server.
Can anyone confirm that this is actually necessary?
-
It's not widely used but it is assigned - you can see more information on port assignments and status here: List of TCP and UDP port numbers - Wikipedia 0 -
Sorry I can't accept your suggestion that people are enabling these ports on cpanel servers and recommending that others do, just because they are assigned by IANA for use with FTP. There must be another reason surely? 0 -
We have those ports closed on our firewall and it's working fine without any problem. 0 -
Sorry I can't accept your suggestion that people are enabling these ports on cpanel servers and recommending that others do, just because they are assigned by IANA for use with FTP. There must be another reason surely?
My point wasn't to tell you what to do, just to give you information to make your own decision. They are assigned ports and should you choose to close them, you'd need to make that decision, though they are not widely used as mentioned previously.0 -
Hello @4u123, To follow-up on Lauren's response, I performed some additional research and could not find a use-case for UDP with ProFTPd or Pure-FTPd over port 21. I've contacted CSF's support team directly to see if we can get more information about why UDP is enabled by default for port 21 in their default configuration. I'll follow-up here once I receive a response. Thank you. 0 -
Hello @4u123, I received a response from the CSF support team regarding this inquiry suggesting the inclusion of port 21 for UDP is simply because it's listed in the specification for FTP at: Service Name and Transport Protocol Port Number Registry Personally, I recommend removing port 21 from the trusted UDP port list in the CSF configuration unless you determine a specific use-case for it in the future. Thank you. 0
Please sign in to leave a comment.
Comments
6 comments