Solved

how to close cirtain ports

Posted on 1998-04-13
1
199 Views
Last Modified: 2013-12-15
I would like to set  up an www server with Linux Red 5.0

How do I close every other ports othan port80?

Would you please give specific instructions?

Thanks.

(Some people even put ugly messages if a port is telneted. That's great, too)
0
Comment
Question by:yjh123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
mzito earned 50 total points
ID: 1631557
All, the miracles of tcp wrappers and ipfwadm.  Here's the quick and dirty way (assuming your kernel is compiled to include firewalling support):
ipfwadm -If (flushes out the old rules)
ipfwadm -Ip deny (sets a default policy that incoming packets are denied)
ipfwadm -Ia accept -S 0.0.0.0/0 -D aaa.bbb.ccc.ddd/32 80 (where aaa.bbb.ccc.ddd is your ip address. This allows packets into your system on port 80)
ipfwadm -Ia accept -S 0.0.0.0/0 -D aaa.bbb.ccc.ddd/32 1025:* (this makes sure your system can accept packets on what are known as non-privileged ports....ports that nothing important is on, for when you ftp, surf the web, or send email)
ipfwadm -Ia deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o (this is called a catch-all rule.  Any packets that don't match the above two rules (i.e. unless they are sent to port 80 or some port above 1024) are denied anyway, but this time, they get logged to a file, so you can see what exactly someone tried to do.

If you want to get more creative, you can  use tcp_wrappers.  It's too much to go into in great detail here, but in an example, you might put the following in your hosts.deny file:
in.telnetd:ALL: banners /etc/banners
In the directory /etc/banners, create a file called in.telnetd.  In that file, put whatever you want to be displayed on the person's screen.  This can be done for any service on the machine.  Try "man 5 hosts_access" and "man 5 hosts_options".  I personally use a shell script I modified that, whenever someone tries to access an unauthorized service, gets as much information about the attacker as possible then mails me.  If the attacker  exceeds a set number of times, all packets from their IP are rejected.  If you'd  like it, drop me a line at mzito@wwprsd.mercernet.net

Best Wishes,
Matt Zito
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Zimbra on Amazon Linux help 7 151
000webhost.com default error log 1 94
How to use question mark (?) in filename with html 25 130
expand ext4 on centos 6 5 68
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question