I do agree that iptables is awesome to stop all that traffic, including other packages that may be installed in the future, so extra bonus there!

Using -A adds the new rule to the end of the INPUT chain. If there's already a rule in INPUT that would match and ACCEPT, then adding that rule to the end would be useless because iptables would never get to that line to drop all port 21. By using -I (to insert it at the top) instead of -A, this problem is completely avoided:

Regards,

Kaia Taylor

DevSA group -- tis-dco-devsa – jumpword devsa http://dco-sps.schwab.com/sites/devsa/welcome desk 602-977-5157 pager 6025785439@vtext.com or white pages All e-mail sent to or from this address will be received by the Charles Schwab corporate e-mail system and is subject to archival and review by someone other than the recipient.

From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Dan Dubovik
Sent: Wednesday, June 23, 2010 7:28 PM
To: Main PLUG discussion list
Subject: Re: Determin which FTP server is running and turn off non secure FTP

It has been my experience that the pure-ftpd init script is far from graceful, as Eric pointed out, the error that was given likely means that the service wasn't running. That, or it just couldn't find the pid file.

lsof -i :21 will tell you the process (with pid) that is listening on port 21. You can then kill that process. Provided you have also used chkconfig to disable the service on startup, it will then effectively be stopped from running. The rpm -e or yum remove commands listed above will make doubly sure that the service won't be started up again on the server. Additionally, you could use iptables to disable any connection to port 21 on the server :
/sbin/iptables -A INPUT -p tcp --dport 21 -j REJECT

I think that should stop incoming connections on the port.