LinuxQuestions.org


Emmanuel_uk 07-07-2005 03:17 AM

using iptable to close port instead of stopping services
 
Hi,

Would you say from the iptable extract that I have correctly
set the firewall to drop everything to and from port 111, 631 and 32768 (xinetd)?
I know how to stop services. Just learning about shorewall, so
a confirmation would be great. Thanks

Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             tcp dpt:111
DROP       tcp  --  anywhere             anywhere             tcp dpt:631
DROP       tcp  --  anywhere             anywhere             tcp dpt:32768

Output from nmap
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
32768/tcp open unknown

# shorewall version 2.0.8

Jul 7 05:56:19 localhost shorewall: Policy for net to loc is DROP using chain net2all
Jul 7 05:56:19 localhost shorewall: Policy for net to fw is DROP using chain net2all
Jul 7 05:56:21 localhost shorewall: Policy DROP for net to fw using chain net2all

Regards

nixcraft 07-07-2005 04:54 AM

Port 111, 631 and 32768 are open. You can use a rule as follows from a script:

Code:

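SERVER_IP="xxx.xxx.xxx.xxx"   # the server's IP address
# ....
# ......

# Drop inbound TCP traffic from any source to port 111 on the server
iptables -A INPUT -p tcp -s 0/0 -d "$SERVER_IP" --dport 111 -j DROP
# ....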

A better way is to use the iptables -L -n command to see how the rules look.
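
An added example, not part of either post: a shell function that reads an `iptables -L -n` listing and reports which rule in a chain decides a new TCP connection to a given port, using first-match order. The function name, both sample listings (constructed, modelled on the net2fw chain in the question) and the simplifications are assumptions: source and destination addresses are ignored and jumps to other chains are not followed.

```shell
#!/bin/sh
# Constructed sample: the net2fw chain from the question, as `iptables -L -n` prints it.
SAMPLE_LISTING='Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:631
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32768'

# Constructed variant: a broad ACCEPT placed ahead of the DROP rules.
SHADOWED_LISTING='Chain net2fw (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:1:1023
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:32768'

# first_verdict CHAIN PORT (hypothetical helper): read a listing on stdin and
# print the target of the first rule in CHAIN that matches a NEW TCP connection
# to PORT, or FALLTHROUGH when no rule matches (the policy then decides).
first_verdict() {
    awk -v chain="$1" -v port="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        !in_chain || $1 == "target" || NF < 5 { next }
        $2 !~ /^(tcp|6|all|0)$/ { next }        # protocol as name or number
        {
            ok = 1
            for (i = 6; i <= NF; i++) {
                # A state match without NEW cannot match a first packet.
                if ($i == "state" && $(i + 1) !~ /(^|,)NEW(,|$)/) ok = 0
                if ($i ~ /^dpt:/ && substr($i, 5) != port) ok = 0
                if ($i ~ /^dpts:/) {                # port range low:high
                    split(substr($i, 6), r, ":")
                    if (port + 0 < r[1] + 0 || port + 0 > r[2] + 0) ok = 0
                }
            }
            if (ok) { print $1; found = 1; exit }
        }
        END { if (!found) print "FALLTHROUGH" }
    '
}

for p in 111 631 32768; do
    printf '%s/tcp: rules as posted -> %s, shadowed variant -> %s\n' "$p" \
        "$(printf '%s\n' "$SAMPLE_LISTING" | first_verdict net2fw "$p")" \
        "$(printf '%s\n' "$SHADOWED_LISTING" | first_verdict net2fw "$p")"
done
```

On a live host, pipe the real listing in as root: `iptables -L -n | first_verdict net2fw 111`.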

