LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page using iptable to close port instead of stopping services
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-07-2005, 02:17 AM   #1
Emmanuel_uk
Senior Member
 
Registered: Nov 2004
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,606

Rep: Reputation: 53
using iptable to close port instead of stopping services

Hi,

Would you say from the iptable extract that I have corretly
set the firewall to drop everything to and from port 111, 631 and 32768 (xinetd).
I know how to stop services. Just learning about shorewall, so
a confirmation would be great. Thanks

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp dpt:111
DROP tcp -- anywhere anywhere tcp dpt:631
DROP tcp -- anywhere anywhere tcp dpt:32768

Output from nmap
PORT STATE SERVICE
111/tcp open rpcbind
631/tcp open ipp
32768/tcp open unknown

# shorewall version 2.0.8

Jul 7 05:56:19 localhost shorewall: Policy for net to loc is DROP using
chain net2all
Jul 7 05:56:19 localhost shorewall: Policy for net to fw is DROP using
chain net2all
Jul 7 05:56:21 localhost shorewall: Policy DROP for net to fw using chain
net2all

Regards
 
Old 07-07-2005, 03:54 AM   #2
nixcraft
Member
 
Registered: Nov 2004
Location: BIOS
Distribution: RHEL3.0, FreeBSD 5.x, Debian 3.x, Soaris x86 v10
Posts: 379

Rep: Reputation: 30
Port 111, 631 and 32768 are open. You can use rule as follows from script:

Code:
SERVER_IP="xxx.xxx.xxx.xxx"
....
......

iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP  --dport 111 -j DROP
....
A better way is to use iptables -L -n command to see how rules look
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
stopping evolution services at startup TranceDude Linux - Software 1 09-11-2005 01:08 PM
stopping services not in xinetd.d branden_burger Linux - Security 2 04-12-2005 08:34 PM
disabling stopping services ganxteh Fedora 6 12-17-2004 10:24 PM
stopping services? piglingz Linux - Software 3 06-24-2003 04:26 PM
stopping and starting services nero64 Linux - Newbie 3 11-13-2002 01:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:20 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration