Quote from wiki:
Since I want port 22 and 3306 not to be open I have removed them from this setting.FW_INBOUND_TCP_SERVICES
List of user configured allowed inbound TCP services, comma delimited. Just provide a list of the ports you want to allow in. Anything not on the list will be denied by default.
Default: ASL does not block any ports by default. By default all ports are open, ports are only closed if the user defines them via this setting.
Example: 22,21,25,53,80,443,465,110,143,993,995,587,8443,30000
BUT they are still open. Why? It clearly states "Anything not on the list will be denied by default." And " ports are only closed if the user defines them via this setting".
To achieve closing them I had to put a DENY from ANY for TCP 3306 and 22 into filter >INPUT.
The config of asl-firewall is the default from ASL. 100% unchanged except this two ports over config page setting "INBOUND_TCP_SERVICES" and adding some ertain static ip's in input filter to access port 22 from my office.
Thanks