LinuxQuestions.org


Synth218 07-05-2003 11:14 PM

How do I close my open ports???

Hey all, I'm new to Slack and I'm trying to close some of my open ports, mainly the ssh, ftp, and smtp ports. It really leaves my system unsecure :( and I don't want an unsecure system.
/*****************************************************************************
root@Blue:/home/Synth# nmap localhost

Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-07-05 12:13 PDT
Interesting ports on localhost (127.0.0.1):
(The 1634 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
587/tcp open submission
6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 1.683 seconds
*********************************************************************************/
As you can see I have way too many ports open. How do I close them? Thanks in advance.

Locura 07-05-2003 11:22 PM

Use a firewall program, or do research on iptables and learn to do it manually.

Synth218 07-05-2003 11:31 PM

What's a good firewall program for Slack? Doesn't it come with one???

SocialParasite 07-06-2003 12:19 AM

Yeah, it's called iptables. Which you will have to learn.

Or you can try this one:

http://firestarter.sourceforge.net

It's a front-end for iptables configuration. Good luck.

major.tom 07-06-2003 12:20 AM

If you don't need these services (likely in most cases) you can also turn them off. Most of them can be changed via /etc/inetd.conf.

For more info, check out these links.

Disabling Daemons

Disabling misc tools

Cheers!

Garry

Synth218 07-06-2003 12:46 AM

Firestarter is for the GNOME desktop and I'm running KDE and have completely uninstalled GNOME altogether. And on the website it says it should work on KDE but I can't get it to install... So do you know any other good firewalls??? Thanks in advance...

DrOzz 07-06-2003 12:49 AM

Did you even attempt to just close them manually by editing your iptables, and then restarting the service?

Synth218 07-06-2003 12:50 AM

I don't know how to edit the iptables and I don't know where the iptables would be located. I'm a newbie to Linux and Slack.

SocialParasite 07-06-2003 12:56 AM

I hate to tell you this, but: you're going to have to just learn iptables. You can look into a program called tinyfirewall . . . I dunno. It was the one that came with Mandrake for a while. Really, you're just going to have to learn iptables at some time because all a linux "firewall" is, in the sense you're talking about, is either an iptables front-end or an iptables configuration script. Either way you're going to need to know what is going on before you mess with those. You can, as I've been learning, have a pretty front-end but at the end of the day you need to know what is going on behind the scenes to properly use it.

http://iptables-tutorial.frozentux.net

That has been a pretty good tutorial so far, albeit a bit heavy for a n00b. It's not exactly a quick read, but it's solid.

You can also follow the links given above to manually shut down the services that are running causing the open ports. You'll most likely need to edit /etc/rc.inet1 and /etc/rc.inet2.

*edit*

To steal from a previous thread of mine asking about firewalls:

A really basic script might be

iptables -F

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp --syn -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

That should only allow programs you start on that machine to access the internet and should keep out connections from the outside.

Azmeen 07-06-2003 06:25 AM

An excellent iptables script I found here by marcus...

Click Here.

You may need to change certain variables and settings to accommodate your needs.

SocialParasite 07-06-2003 02:31 PM

I just tested the iptables script thinger that I put in my last post: it needs some serious tweaking. Unless you like being unable to browse.
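
A revised version of the basic script from this thread, as an added example that is not part of the original posts. The posted rules match only `-p tcp`, so UDP DNS lookups and loopback UDP are dropped by the DROP policies, and the `--syn -j ACCEPT` rule accepts every new inbound TCP connection, which leaves the listening services reachable. The function name `build_rules`, the `--apply` switch and the file name `firewall.sh` are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. build_rules and --apply are names
# invented for this sketch. Run as root with: sh firewall.sh --apply [PORT...]

# build_rules [PORT...]
# Print a default-deny ruleset. Each PORT is an inbound TCP port to leave
# reachable from other hosts (none by default).
build_rules() {
    for port in "$@"; do
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done
    cat <<'EOF'
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
EOF
    # New inbound connections are accepted only on the ports asked for.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port --syn -m state --state NEW -j ACCEPT"
    done
}

# Nothing is changed unless --apply is given; without it the file only
# defines build_rules, so the rules can be printed and reviewed first.
if [ "${1:-}" = "--apply" ]; then
    shift
    rules=$(build_rules "$@") || exit 1
    printf '%s\n' "$rules" | sh -e
fi
```

Because loopback traffic is accepted, `nmap localhost` still lists the listening ports after these rules are loaded; scan from another machine to see what the firewall exposes.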


All times are GMT -5.