I need to prevent some application to listen port.
So, when application executed it starts to listen port.
I want Linux, to ignore application port request.
How to prevent any applications to get a port or port for their usage.

Thanks

What application? Why?


Here's some weak / strong options until you explain your situation details:
- if it's a fixed port bind something to the port beforehand ('nc'?),
- if it's a port below 1024 run the application from an unprivileged account,
- if it's a port below 1024 take away CAP_NET_BIND ('man capabilities'),
- run GRSecurity and the application under an account w/o port bind rights,
- run SE Linux and take out any port listening rules,
- run anything that intercepts the applications bind() system call,
- run the application as an isolated virtualization guest.

Because it is not "open source", and I do not know what to expect.

Thank you, I have to check all of it.

It is port higher 1024 of course.

You can use iptables to block any incoming calls to that port.

What about random port?
I just want to prevent an application to get one or any.

Unless you add information we can actually use in replies I suggest virtualization.

Set your default Rule/Profile in iptables INPUT to drop, then only explicitly allow in the ones you expect.
That way, even if it (app) binds to a port, it won't get/see any incoming cxns.

Or, rather than trying to edit iptables rules himself, he could use 'ufw'. This program has a much simpler and more logical syntax, yet is flexible enough to do what he seems to want. It then edits the iptables rules for you.

One of the good decisions Canonical made was to put 'ufw' on all Ubuntu systems.

But the word 'seems' is key here: we really don't know what the OP wants, since he does not seem to understand the proper use of indefinite articles and quantifiers in English. Does he have in mind one specific application, which he does not want to allow to connect to any port? Or does he want to allow only a 'whitelist' of applications to connect to any port?

Whichever it really is, he should be able to figure out from the man page for 'ufw' how to do this -- unless he really is trying to do something impossible

Thanks for every one.

I found that iptables match OWNER is very useful.

If it is impossible to completely disable bind port for SOME application, I allow to go OUT only trusted programs.
Why "some", because it is not important which one, idea was to disable AT ALL. But looks like it is not easy.

Thanks