Re: Need help blocking all ports except a few
I'm using a newly installed Debian 3.0r2 and the game server I'm running ís
Neverwinter Nights. Gamespy needs all those ports opened to list the server.
I checked my ports with netstat -tulp but how do I stop those services?
In inetd.conf there's only smtp and identd externally. I commented out smtp (it
didnt relay anyway but it's not needed).
This is my output from netstat -tulp:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:time *:* LISTEN
tcp 0 0 *:daytime *:* LISTEN
tcp 0 0 *:discard *:* LISTEN
tcp 0 0 *:1024 *:* LISTEN
tcp 0 0 *:111 *:* LISTEN
udp 0 0 *:discard *:*
udp 0 0 *:1024 *:*
udp 0 0 *:moira_ureg *:*
udp 0 0 *:111 *:*
udp 0 0 *:bootpc *:*
Thanks for all the help!
Quoting Patrick Lesslie <email@example.com>:
> On Thu, Dec 25, 2003 at 02:54:41PM +0100, Sommarnatt wrote:
> > I'm new to iptables/chains and need help setting up my new Debian system.
> > The system is going to be a gameserver and I've never set that up before.
> ipchains can run on 2.2 series kernels. iptables requires 2.4
> (or 2.3, but you might as well use 2.4). Installing a 2.4
> kernel-image is fairly easy on debian, and since most modern
> firewall programs use iptables scripts I'd recommend making
> the switch to 2.4 (e.g. debian package kernel-image-2.4.18-1-686
> or similar, depending what platform you run).
> You can run ipchains, but I'm not sure what you have to do.
> > The only services that really need to be open are ssh2 and the game
> > The game server needs these ports opened:
> > 5120-5300 (UDP only)
> > 6667, 80,27900,28900,29900.29901,13139 and 6500
> > Any takers? Or some pointers? Tried Firehol, but it complains that it needs
> > kernel higher than 2.3
> The other thing you could do is just make sure there aren't programs
> running on any ports but these. There was a recentish post about
> doing that, and avoiding having a firewall altogether. It amounts
> to not having much else running, and it sounds like you won't need
> much else anyway.
> Patrick Lesslie
> On Wed, Dec 10, 2003 Bernd Eckenfels wrote:
> > On Wed, Dec 10, 2003 at 01:40:28PM +1100, Daniel Pittman wrote:
> > > Extremely. Without a Firewall, connecting to the Internet is an
> > > invitation to pain, these days. :/
> > this is not true, if your system runs with a minimum of secure
> > configuration. You do not need to run a firewall, if you do not have
> > open ports.
> > Using "netstat -tulp" as root will print all the processes you have to
> > terminate, or decide you want to use (if you want to use them a firewall
> > will have to permit those ports, anyway)
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact