Network interface not responding to openning ports

I recently encountered a bizarre problem and hope you guys can help me figure it out.
The server only responds to port 80 and not to other open ports. The firewall is configured correctly, and I have even stopped the firewall service to ensure it is not causing the issue.

# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled)
     Active: inactive (dead) since Mon 2024-06-03 13:27:12 AEST; 21h ago
   Duration: 33min 38.851s
       Docs: man:firewalld(1)
   Main PID: 215642 (code=exited, status=0/SUCCESS)
        CPU: 4.501s

Jun 03 12:53:33 host systemd[1]: Starting firewalld - dynamic firewall daemon...

Jun 03 13:27:12 host systemd[1]: Stopping firewalld - dynamic firewall daemon...
Jun 03 13:27:12 host systemd[1]: firewalld.service: Deactivated successfully.
Jun 03 13:27:12 host systemd[1]: Stopped firewalld - dynamic firewall daemon.
Jun 03 13:27:12 host systemd[1]: firewalld.service: Consumed 4.501s CPU time.

Selinux has been disabled:

# getenforce

The connection to port 80 from remote is successful, but connections to other ports are not:

# telnet 80
Connected to
Escape character is '^]'.
telnet> quit
Connection closed.
# telnet 4444
# telnet 90
# telnet 8000

The same connection requests are successful when initiated from localhost.
I am certain that the ports are listening on all interfaces.

# netcat -v -l 4444
Listening on 4444

While that listens, you see it with:

ss -tulpn | grep 4444

and you can run on the same host:

telnet 4444

and connect, but not from “outside”.

The nft list ruleset shows that you have no filter rules in the kernel?

If you do listen on the interface with

tcpdump -vv -nn -i ${interface} port 4444

when external machine attempts telnet, then do you see any traffic?

Yes, but define “external”. Imagine it’s a home internet with a router, and the router only allows port 80.

Thanks for your reply. It turns out my colleague installed TrendMicro Endpoint on the server, which blocked the traffic.