If you do not work as a mail server you should close the smtp-port.
And even if you want to deliver mail directly, you should check that your computer doesn't work as an open relay.
111 is used by remote portmapper most commonly seen in nfs. If you don't want tho
have nfs exports, you should close this port too.
631 is used to access your printing system. If you don't want to do that from the internet, you should also close this port.
6000 gives a way to communicate with your X server from outside world. If you don't want that, you should close the port.
How to close a port? Either shutdown the service listening to the port or use iptables
to prevent traffic to the port from outside.
example:
Prevents all the connections to all ports except the ones you have established from your side (that is, for example, you request a web page(by clicking a link in the browser) and they send you one), local loopback connections and the ssh port:
Code:
iptables --flush
iptables --policy INPUT DROP
iptables --append INPUT --in-interface lo -j ACCEPT
iptables --append INPUT --in-interface eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables --append INPUT --in-interface eth0 -p tcp --destination-port ssh -j ACCEPT
Other example:
Blocks the connnections to port 25/smtp from the ethernet device eth0
Code:
iptables --append INPUT --in-interface eth0 -p tcp --destination-port smtp -j REJECT
What comes to the security issues, if all those services are properly configured,
they can be secure in a functional sense. Though I wouldn't use nfs or X11 over internet
(without ssh tunneling) because they are totally unencrypted and nfs has some design
issues.