
narin1975 12-14-2012 10:54 PM

All Network Port Disabled by default?
For a freshly installed Linux machine, are all network ports disabled by default?

In other words, do we need to install and configure a firewall in order to make sure that the system begins with all network ports disabled?


eSelix 12-15-2012 04:14 PM

It depends on the distribution. For example, in Ubuntu the iptables firewall is initially set to allow all. Don't be afraid of open ports; be afraid of applications that are not maintained or were downloaded from untrusted sources. Usually, if somebody installs a server application, he wants it to be reachable from outside, and some servers like mysql have the "local connections only" option set by default. So there is no need for blocking rules. However, I myself block nearly all incoming connections on my router. If you want all ports disabled, there is no need to install additional software, just

iptables -P INPUT DROP
in some startup script will be sufficient.
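Added example, not part of the original thread: a port is only reachable when a service listens on a non-loopback address, so this sketch sorts TCP listeners into "local" (like the mysql default mentioned above) and "exposed". The function names and the sample `ss -H -tln` lines are constructed for illustration.

```shell
#!/bin/sh
# Classify listening TCP sockets from `ss -H -tln` output (read on stdin).
# Prints one line per listener: "<local|exposed> <port> <address>".
classify_listeners() {
    awk '$1 == "LISTEN" {
        n = match($4, /:[0-9]+$/)          # position of the final ":port"
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        # 127.0.0.0/8 and ::1 are loopback; everything else, including the
        # wildcards 0.0.0.0, [::] and *, can be reached from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            scope = "local"
        else
            scope = "exposed"
        print scope, port, addr
    }'
}

# Unique port numbers that accept connections from other hosts.
exposed_ports() {
    classify_listeners | awk '$1 == "exposed" { print $2 }' |
        sort -un | paste -sd ' ' -
}

# Constructed sample input (not captured from a real machine).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306    0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 5    [::1]:631         [::]:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 128  *:80              *:*
EOF
}

# Demo on the sample; on a live system run: ss -H -tln | classify_listeners
sample_ss_output | classify_listeners
echo "exposed ports: $(sample_ss_output | exposed_ports)"
```

Only the ports reported as exposed need an explicit allow rule when the INPUT policy is set to DROP.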

narin1975 12-15-2012 06:41 PM

Okay, but if all ports are opened by default, can someone outside send something nasty to the server over one of the ports? Is it possible to do?

eSelix 12-15-2012 08:49 PM

Yes, someone can send anything (I don't know what you mean by "nasty") if the server has opened that port, of course.

narin1975 12-15-2012 08:52 PM

In that case, I should start with "iptables -P INPUT DROP" as you suggested.

Thank you very much.
