LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-14-2012, 09:54 PM   #1
narin1975
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Rep: Reputation: Disabled
All Network Port Disabled by default?


For a fresh installed linux machine, are all network ports disabled by default?

In other words, do we need to install and configure a firewall in order to make sure than the system begin with all network ports disabled?

Thanks
Narin
 
Old 12-15-2012, 03:14 PM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,211

Rep: Reputation: 306Reputation: 306Reputation: 306Reputation: 306
It depends on distribution. For example in Ubuntu iptables firewall is set initially to allow all. Don't affraid opened ports, be affraid of not mantained or downloaded from untrusted sources applications. Usually if somebody install server application he want to become it reachable for outside and some servers like mysql has set "local connections only" option by default. So no need blocking rules. However myself I block nearly all incomming connection on my router. If you want to all ports disabled there is no need to install additional software, just
Code:
iptables -P INPUT DROP
in some startup script will be sufficient.

Last edited by eSelix; 12-15-2012 at 03:16 PM.
 
1 members found this post helpful.
Old 12-15-2012, 05:41 PM   #3
narin1975
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Okay, but if all ports opened by default, can someone outside send something nasty to the server over one of the ports? Is it possible to do?
 
Old 12-15-2012, 07:49 PM   #4
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,211

Rep: Reputation: 306Reputation: 306Reputation: 306Reputation: 306
Yes, someone can send anything (I don't known what you mean by "nasty") if the server has opened that port, of course.
 
1 members found this post helpful.
Old 12-15-2012, 07:52 PM   #5
narin1975
LQ Newbie
 
Registered: Aug 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
in that case, i should start with "iptables -P INPUT DROP" as you suggested.

thank you very much.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Hibernation Disabled By Default In Ubuntu 12.04 LXer Syndicated Linux News 0 04-18-2012 07:30 AM
Printer Enabling Disabled by default wagscat123 Linux - Hardware 2 03-02-2012 09:15 PM
I disabled my onboard audio, yet it keeps using it as default randyriver10 Linux - Hardware 1 01-09-2008 05:50 AM
By default is url file access disabled? got_nix Linux - Server 6 07-04-2007 10:46 AM
Smilies should be disabled by default secesh LQ Suggestions & Feedback 13 06-08-2005 01:21 PM


All times are GMT -5. The time now is 09:04 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration