IPF pass in connection to port 21 even with no explicit rule

h112 · May 27, 2010, 5:56am

I'm running IPF on solaris 10

bash-3.00# ipf -V #display ipf version
ipf: IP Filter: v4.1.9 (592)
Kernel: IP Filter: v4.1.9
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 1
Feature mask

: 0x107

with the following rules

bash-3.00# ipfstat  -o -i
block out all
pass out quick on eri0 proto tcp/udp from eri0/32 to any port = domain with keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 8080 keep state
pass out quick on eri0 proto tcp from eri0/32 to any port = 80 keep state
pass out quick on eri0 proto tcp from 192.168.244.0/24 to any port = 3306 keep state
pass out quick on eri0 proto udp from eri0/32 to any port = 623 keep state #for outbound ipmi
block in all
pass in quick on eri0 proto tcp from any to eri0/32 port = 80 keep state
pass in quick on eri0 proto tcp from any to eri0/32 port = 8080 keep state
pass in quick on eri0 proto tcp/udp from any to eri0/32 port = domain with keep state
bash-3.00#

but i'm still having a problem nmap scan shows that ftp port is open even there's no ftp service enabled

bash-3.00# svcs -a| grep ftp
disabled       May_24   svc:/network/ftp:default

when i try to telnet on 21 port it accepts connection.
so whats wrong
any ideas would be a great assist

---------- Post updated at 02:56 PM ---------- Previous update was at 01:38 AM ----------

when i ran

netstat to list listening ports

-bash-3.00$ netstat -an -f inet -P tcp | egrep -i list
127.0.0.1.4999             *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.111                *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.4045               *.*                0      0 49152      0 LISTEN
      *.80                 *.*                0      0 49152      0 LISTEN
      *.32774              *.*                0      0 49152      0 LISTEN
      *.32775              *.*                0      0 49152      0 LISTEN
      *.514                *.*                0      0 49152      0 LISTEN
      *.7100               *.*                0      0 49152      0 LISTEN
      *.32776              *.*                0      0 49152      0 LISTEN
      *.32777              *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
      *.3306               *.*                0      0 49152      0 LISTEN
      *.32779              *.*                0      0 49152      0 LISTEN
127.0.0.1.53               *.*                0      0 49152      0 LISTEN
xxx.xxx.xxx.xxx.53         *.*                0      0 49152      0 LISTEN
192.168.244.241.53         *.*                0      0 49152      0 LISTEN
127.0.0.1.953              *.*                0      0 49152      0 LISTEN
      *.32780              *.*                0      0 49152      0 LISTEN
      *.32781              *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN
      *.6000               *.*                0      0 49152      0 LISTEN

any ideas would be a great assist