Re: How do I disable (close) ports?

To: debian-security@lists.debian.org
Subject: Re: How do I disable (close) ports?
From: dorvin@samael.k.pl (Jaroslaw Podstawa)
Date: Wed, 5 Dec 2001 01:11:22 +0100
Message-id: <[🔎] 20011205011122.A6974@samael.k.pl>
In-reply-to: <[🔎] 001601c17d00$ccb88000$660ba8c0@pa237.olsztyn.sdi.tpnet.pl>; from jp@america.eu.org on Tue, Dec 04, 2001 at 09:18:09PM +0100
References: <[🔎] 001601c17d00$ccb88000$660ba8c0@pa237.olsztyn.sdi.tpnet.pl>

On Tue, Dec 04, 2001 at 09:18:09PM +0100, J. Paul Bruns-Bielkowicz wrote:
> Hi,
> I disabled all but a few ports in /etc/services, but I have
> tcp        0      0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064
> ESTABLISHED
> when I netstat my machine. What exactly does this mean? I just want
> 25/tcp     open        smtp
> 37/tcp     open        time
> 66/tcp     open        sql*net
> 80/tcp     open        http
> 110/tcp    open        pop-3
> 443/tcp    open        https
> 3306/tcp   open        mysql
> open. How can I close ports 111 and 859? They are not enabled in
> /etc/services
> Thanks,
> J. Paul Bruns-Bielkowicz
> http://www.america.prv.pl
> 
I suggest ipchains or iptables (depends on kernel version you have).
And then (ipchains example)
ipchains -A input ACCEPT -p tcp --destination-port 25 (repeat for all ports
	that have to be open)
ipchains -A input DENY (this will close the rest without notifying client
	machine that it's packet was filtered) 

You may also want to log denied packets (add -l in DENY line), but it can be 
a lot of stuff so consider it carefully.

More information can be found at ipchains-howto

Jaroslaw Postawa
dorvin@o.k.pl

Reply to:

References:
- How do I disable (close) ports?
  - From: "J. Paul Bruns-Bielkowicz" <jp@america.eu.org>

Prev by Date: Re: How do I disable (close) ports?
Next by Date: Re: VI wrapper for SUDO? - another bad way ??
Previous by thread: Re: How do I disable (close) ports?
Next by thread: Re: How do I disable (close) ports?
Index(es):
- Date
- Thread