I don't see the point of removing the ssh client myself, but if you really want to, the command is:
Code:
sudo apt remove openssh-client
As for closing port 21, there are two reasons why there was no need to explicitly deny port 21 incoming:
1: If there was a deny all incoming anyway, then explicitly denying 21 in is superfluous, and
2: Unless you are running an FTP server, the OS will reject incoming calls to port 21 anyway, even if the firewall lets the request in.
As for why you ended up with limit and not deny, I have no idea. Maybe I'm being unfair, but I think that may have been a user error.
Just a note on open ports:
In the OS, ports are either:
- Open: There is an application running that opened the port and is listening for incoming calls, or
- Closed: No running application has asked to receive incoming calls on that port - they will be rejected with Port Unreachable.
If a firewall is inspecting connection requests, it can choose to either:
- Accept: Allow the connection request to pass through to the OS unimpeded - the OS can accept or reject, depending on whether the port is open.
- Drop: Discard the connection request so it never reaches the OS - the call attempt will eventually time out
- Reject: Not often used - the firewall sends a connection refused indication - the OS never sees the connection request, open or closed is irrelevant.
It bugs me personally when people talk about a firewall "closing" or "opening" a port. Firewalls can't do that - OS applications do. Firewalls, in general, just drop/block or accept/permit particular ports.