It seems fine. sso-service is the one that uses 2710 port.
But may I know what the purpose of all this is? These are all registered service ports and I have never touched these ports.
What do you want to gain from opening this port? You should be absolutely sure what port you want to open, or else it could be a big security risk.
Yes, of course. You should not open ports unless you need them or the system needs them. I would say do not touch these ports unless you absolutely know what you are doing and how it is going to affect the system and the complete setup.
You are in danger of your iptables rules becoming a real mess.
Have you actually saved any of these rules?
If not, I suggest restarting iptables so it removes these newly added rules, then re-adding the rule you need, then issuing an
Code:
iptables-save
If you have saved the rules, edit /etc/sysconfig/iptables and remove the lines of rules you don't need (port 2700), then restart the iptables firewall.
Just wondering how would blocking 2700 make iptables a real mess. I'm pretty new to iptables, let me know if there was anything wrong in writing that above rule.
It's good to be parsimonious with iptables rules. IOW, KISS (Keep It Simple Stupid).
First, if you don't have a server program bound/attached to a specific port, e.g. 2700, then there's no point in having rules relating specifically to that port.
Unfortunately, 'port' is a bad name for this; it implies things can get in if it's 'open'. In actual fact, if there's no server listening on that 'port', then there's no sw to connect to from the outside, so it effectively doesn't exist.
Also, during the above conversation, it maybe wasn't made clear that the unwanted rules, e.g. 2700, should be replaced, not added to; e.g. blah 2700 accept followed by blah 2700 drop makes no sense.
In fact, you only need to 'open' the port, e.g. 2710, if the default Policy for that chain is Drop. If it (the default Policy) is accept, then no accept rule is required.
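Added example (not part of the thread and not any poster's code): a small audit of `iptables-save` output that flags the two situations described in the post above, a later rule for a port that contradicts an earlier one in the same chain, and an accept rule that only repeats the chain's default policy. The function names and the sample ruleset are constructed for illustration, and rules are compared only by chain, protocol and `--dport`.

```shell
# audit_rules: read iptables-save output on stdin and flag port rules that
# can never take effect or that add nothing.
# Assumption of this example: rules are compared only by chain, protocol and
# --dport; source, interface and state matches are ignored.
audit_rules() {
    awk '
    /^\*/ { split("", first); split("", policy); next }   # new table: reset
    /^:/  { policy[substr($1, 2)] = $2; next }            # ":INPUT DROP [0:0]"
    $1 == "-A" {
        chain = $2; proto = "any"; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") port   = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (port == "" || target == "") next
        key = chain "/" proto "/" port
        if (key in first) {
            if (first[key] != target)
                printf "SHADOWED %s %s after %s (first match wins)\n", key, target, first[key]
            else
                printf "DUPLICATE %s %s\n", key, target
            next
        }
        first[key] = target
        if (target == policy[chain])
            printf "REDUNDANT %s %s (chain policy is already %s)\n", key, target, policy[chain]
    }'
}

# Constructed sample in iptables-save format (not taken from the thread).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 2700 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2700 -j DROP
-A INPUT -p tcp -m tcp --dport 2710 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2710 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_rules
```

On a live system the same function can be fed with `iptables-save | audit_rules` (run as root); it only reads the ruleset and changes nothing.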