4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
939
22
168
The FTP protocol doesn't use UDP at all, so it isn't any surprise that cPanel's documentation doesn't suggest that you open port 20 and 21 UDP on the firewall.

How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation

However...

I've been looking at our software firewall configs and I noticed that the CSF default has UDP ports 20 and 21 open.

I wonder if there is something specific to Pure-FTP that requires these ports to be open? When looking around for info about this, I have seen several websites that suggest UDP ports 20 and 21 should be enabled for both inbound and outbound on a cpanel server.

Can anyone confirm that this is actually necessary?
 

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
939
22
168
Sorry I can't accept your suggestion that people are enabling these ports on cpanel servers and recommending that others do, just because they are assigned by IANA for use with FTP. There must be another reason surely?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Sorry I can't accept your suggestion that people are enabling these ports on cpanel servers and recommending that others do, just because they are assigned by IANA for use with FTP. There must be another reason surely?
My point wasn't to tell you what to do, just to give you information to make your own decision. They are assigned ports and should you choose to close them, you'd need to make that decision, though they are not widely used as mentioned previously.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello @4u123,

To follow-up on Lauren's response, I performed some additional research and could not find a use-case for UDP with ProFTPd or Pure-FTPd over port 21. I've contacted CSF's support team directly to see if we can get more information about why UDP is enabled by default for port 21 in their default configuration. I'll follow-up here once I receive a response.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello @4u123,

I received a response from the CSF support team regarding this inquiry suggesting the inclusion of port 21 for UDP is simply because it's listed in the specification for FTP at:

Service Name and Transport Protocol Port Number Registry

Personally, I recommend removing port 21 from the trusted UDP port list in the CSF configuration unless you determine a specific use-case for it in the future.

Thank you.