We excluded 1 IP to access port 3306 in the csf.allow file ; but this morning suddenly the IP was blocked in the firewall due to a temporary port scan; i have checked the logs and this showed the IP only tried to access port 3306 ; no other ports.
Only difference is that since yesterday the firewall has been updated to a new release, so wanted to make a log of this issue here as it might be a bug ?
content csf.allow for this entry
tcp|in|d=3306|s=sourceip
example log of block
Nov 9 07:28:16 servername kernel: [24355408.855643] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=84:34:97:11:e9:20:80:71:1f:e2:78
x:x SRC=sourceip DST=serverip LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=35371 DF PROTO=TCP SPT=38251 DPT=3306 WINDOW=14600 RES=0x00 SYN URGP=0(replaced IP with term sourceip)