Thanks eco
I have posted below with the command your way, but I still don't know which ones I really need and which ones I don't. This firewall will be doing only 3 things. They are iptables, NAT and DNS. It will take the place of my existing Linux firewall and be my primary firewall between my cable modem and my network.
I need to keep ssh open for config and monitoring, at least to my LAN. I see that you don't have a local IP open and I suppose that after my setup is complete I won't need one either.
I have to do everything from the shell on this box as it has no GUI. My understanding is that I have to disable the services I don't need in /etc/init.d, but beyond uninstalling a package I am not really sure how to do that. I know about changing the 'S' or something in some of the sub-folders. I have looked through most of the files in said folder but most of them make little sense to me. I can see where the scripts call other files, but I don't know what else to do beyond prefixing the line with a #. My experience with doing that to scripts has been less than favorable, usually breaking them.
I am also recalling that there is a command that can be run that will turn off services, something like '/etc/init.d update rc. ssh stop', but that is only memory and mine is somewhat faulty.
Still, the bigger problem remains that I don't know which ones to turn off. Or why, which is probably more important. I just need this machine to be locked down hard before I start installing the things I need. FYI, this machine has only a Debian Lenny base install on it, and I have stripped it down a little further at this point.
Code:
tcp 0 0 0.0.0.0:51660 0.0.0.0:* LISTEN 1699/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1688/portmap
tcp 0 0 192.168.2.104:53 0.0.0.0:* LISTEN 1967/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1967/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2502/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2248/exim4
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1967/named
tcp6 0 0 :::53 :::* LISTEN 1967/named
tcp6 0 0 :::22 :::* LISTEN 2502/sshd
tcp6 0 0 ::1:953 :::* LISTEN 1967/named
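
An added example, not part of the original post: a shell function that sorts the listener lines above by how widely each socket is bound and whether the owning program is one the post says the box needs. The function names and the "sshd named" keep-list are assumptions made for this example, taken from the stated need for ssh and DNS.

```shell
#!/bin/sh
# Added example: classify `netstat`-style LISTEN lines by bind scope.

# Sample input: the listener lines posted above, embedded so this runs offline.
sample_listeners() {
cat <<'EOF'
tcp 0 0 0.0.0.0:51660 0.0.0.0:* LISTEN 1699/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1688/portmap
tcp 0 0 192.168.2.104:53 0.0.0.0:* LISTEN 1967/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1967/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2502/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2248/exim4
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1967/named
tcp6 0 0 :::53 :::* LISTEN 1967/named
tcp6 0 0 :::22 :::* LISTEN 2502/sshd
tcp6 0 0 ::1:953 :::* LISTEN 1967/named
EOF
}

# classify_listeners "prog1 prog2 ..."
# Reads listener lines on stdin; the argument is the keep-list of program names.
# Prints: verdict scope proto port program
classify_listeners() {
  awk -v wanted="$1" '
    BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
    $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)          # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)     # text before the port
      prog = $7; sub(/^[0-9]+\//, "", prog)    # drop the "PID/" prefix
      if (host == "0.0.0.0" || host == "::")        scope = "all-interfaces"
      else if (host ~ /^127\./ || host == "::1")    scope = "loopback"
      else                                          scope = "one-address"
      if (prog in keep)             verdict = "wanted"
      else if (scope == "loopback") verdict = "local-only"
      else                          verdict = "review"   # reachable and not on the keep-list
      printf "%s %s %s %s %s\n", verdict, scope, $1, port, prog
    }'
}

sample_listeners | classify_listeners "sshd named"
```

On a live box the same function can read real output, for example `netstat -tlnp | classify_listeners "sshd named"`. A "wanted" line on all-interfaces is still reachable from every interface, so it needs a firewall rule or a narrower listen address.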