how to close cirtain ports

I would like to set  up an www server with Linux Red 5.0

How do I close every other ports othan port80?

Would you please give specific instructions?

Thanks.

(Some people even put ugly messages if a port is telneted. That's great, too)
yjh123Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mzitoCommented:
All, the miracles of tcp wrappers and ipfwadm.  Here's the quick and dirty way (assuming your kernel is compiled to include firewalling support):
ipfwadm -If (flushes out the old rules)
ipfwadm -Ip deny (sets a default policy that incoming packets are denied)
ipfwadm -Ia accept -S 0.0.0.0/0 -D aaa.bbb.ccc.ddd/32 80 (where aaa.bbb.ccc.ddd is your ip address. This allows packets into your system on port 80)
ipfwadm -Ia accept -S 0.0.0.0/0 -D aaa.bbb.ccc.ddd/32 1025:* (this makes sure your system can accept packets on what are known as non-privileged ports....ports that nothing important is on, for when you ftp, surf the web, or send email)
ipfwadm -Ia deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o (this is called a catch-all rule.  Any packets that don't match the above two rules (i.e. unless they are sent to port 80 or some port above 1024) are denied anyway, but this time, they get logged to a file, so you can see what exactly someone tried to do.

If you want to get more creative, you can  use tcp_wrappers.  It's too much to go into in great detail here, but in an example, you might put the following in your hosts.deny file:
in.telnetd:ALL: banners /etc/banners
In the directory /etc/banners, create a file called in.telnetd.  In that file, put whatever you want to be displayed on the person's screen.  This can be done for any service on the machine.  Try "man 5 hosts_access" and "man 5 hosts_options".  I personally use a shell script I modified that, whenever someone tries to access an unauthorized service, gets as much information about the attacker as possible then mails me.  If the attacker  exceeds a set number of times, all packets from their IP are rejected.  If you'd  like it, drop me a line at mzito@wwprsd.mercernet.net

Best Wishes,
Matt Zito
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.