Lame - Help on "What must be blocking connection to these ports?"

Hey, there!
I recently pass the Lame, but the TASK 9 :
" We’ll explore a bit beyond just getting a root shell on the box. While the official writeup doesn’t cover this, you can look at 0xdf’s write-up for more details. With a root shell, we can look at why the VSFTPd exploit failed. Our initial nmap scan showed four open TCP ports. Running netstat -tnlp shows many more ports listening, including ones on 0.0.0.0 and the boxes external IP, so they should be accessible. What must be blocking connection to these ports?"
CONFUSING ME !!!

Any HELP except the iptables command ? PLEASE !
:exploding_head: :exploding_head:
:cry: :cry:
:heart: :heart:

Just think of the layer of defense critical for maintaining overall network security including blocking connection to certain ports.