How to close down ports with IPCHAINS

  1. #1 Compunuts (Moderator, Good Guru; joined May 2001; California; 3,935 posts)

    How to close down ports with IPCHAINS

    Okay.. Here it is. I wanted to close down some of the ports that I've opened, but I'm not sure what they are used for and how to specifically close them down.

    111 Sun rpc
    443 https ( I don't have a secure site, so why do I need this?? )
    515 printer ( : )
    6000 X11

    Could you tell me the command?? TIA.

  2. #2

    Re: How to close down ports with IPCHAINS

    My understanding of ports is that they aren't like doors, either open or closed. A port is only "open" if a program or process is actively listening for connections on that port.

    Look in your /etc/inetd.conf file. That starts up the services that listen on various ports. Comment out those that you don't need. Since my machine is just a home computer, I comment out ALL the services in inetd.conf. In fact, I don't even run inetd.conf. No reason to unless you are running services as a server.

    I think https is apache.

    As for port 6000, that's X Windows listening for remote connections. To stop that, run X Windows with the -nolisten tcp switch. i.e., here is a line from my gdm.conf

    [servers]
    0=/usr/bin/X11/X -nolisten tcp

  3. #3 redhead (Moderator, Advisor; joined Jun 2001; Copenhagen, Denmark; 811 posts)

    Re: How to close down ports with IPCHAINS

    #!/bin/sh

    EXTERN_NIC=eth0   # placeholder: set this to your external interface
    PORTS="111 443 515 6000"
    # $PORTS must stay unquoted so the loop gets one port per iteration
    for PORT in $PORTS; do
        iptables -A OUTPUT -o $EXTERN_NIC -p tcp --sport $PORT -j DROP
    done

  4. #4 Compunuts (Moderator, Good Guru; joined May 2001; California; 3,935 posts)

    Re: How to close down ports with IPCHAINS


    A port is only "open" if a program or process is actively listening for connections on that port.
    And I think the most difficult is chasing down that program and disabling it, I guess.

    Look in your /etc/inetd.conf file. That starts up the services that listen on various ports. Comment out those that you don't need.
    The thing is that they are ALL commented out but still some services are running ....

    Since my machine is just a home computer, I comment out ALL the services in inetd.conf. In fact, I don't even run inetd.conf. No reason to unless you are running services as a server.
    yeah. This is the server machine which serves my home LAN as well as my small test sites....

    I think https is apache.
    It's secure web server but I can't find the option to disable in httpd.conf . :-/

    As for port 6000, that's X Windows listening for remote connections. To stop that, run X Windows with the -nolisten tcp switch. i.e., here is a line from my gdm.conf

    [servers]
    0=/usr/bin/X11/X -nolisten tcp
    Yeah. Mine is XDM.

    Thanks for your input anyway....

  5. #5 Compunuts (Moderator, Good Guru; joined May 2001; California; 3,935 posts)

    Re: How to close down ports with IPCHAINS


    #!/bin/sh

    EXTERN_NIC=eth0   # placeholder: set this to your external interface
    PORTS="111 443 515 6000"
    # $PORTS must stay unquoted so the loop gets one port per iteration
    for PORT in $PORTS; do
        iptables -A OUTPUT -o $EXTERN_NIC -p tcp --sport $PORT -j DROP
    done
    That sounds great. Now where do I put this thing to make it permanent, so that the closed ports will always be there even if I reboot it?? TIA.

  6. #6

    Re: How to close down ports with IPCHAINS

    Redhead is correct except that he used iptables instead of ipchains. Plus I would block it on the input instead of the output. Do it exactly like him except change the iptables line to this:

    ipchains -A input -p tcp --dport $PORT -j DENY

    But do you really want to leave all the other ports unguarded? It probably won't hurt anything if nothing is open on the other ports but who's to say that something won't become open without your knowledge? I'd do this:

    ipchains -A input -p tcp --syn -j DENY

    And if you want certain ports to be open, add lines like this before the previous line:

    ipchains -A input -p tcp --dport 80 -j ACCEPT

    or you can replace 80 with $PORT and do it the script way like before.

  7. #7

    Re: How to close down ports with IPCHAINS


    The thing is that they are ALL commented out but still some services are running ....
    After you changed it, did you do a "killall -SIGHUP inetd"? If not, then do.

    That sounds great. Now where do I put this thing to make it permanent, so that the closed ports will always be there even if I reboot it?? TIA.
    Which distro? If it's one of the big RPM-based ones, you could make a script of it and link to the script from /etc/rc.local.

  8. #8

    Re: How to close down ports with IPCHAINS

    To find out what PID is using what port:

    fuser -n tcp 515

    will find out what's using 515/tcp

    then do a ps -aux | grep PID

  9. #9

    Re: How to close down ports with IPCHAINS

    My understanding of ports is that they aren't like doors, either open or closed. A port is only "open" if a program or process is actively listening for connections on that port.
    Well then your understanding is flawed, because ports are pretty much exactly like doors.

    A closed port is just that -- closed. It can be opened by any program that wishes to open it and listen on it.

    Compunuts wants to know how he can close and lock (aka stealth) his ports, so that programs can't open them even if they want to.

    Unfortunately, I'm not a big ipchains guy (I only know iptables, actually, but I know it well), so I can't help you, Compunuts. But I will say that it's always a better idea to have a default-closed ruleset that only opens the ports you want, instead of just closing a few and leaving the rest unguarded.
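
The default-closed ruleset that posts #6 and #9 argue for, as an added example that is not code from the thread: ACCEPT rules for the chosen ports go on the input chain first, then a catch-all rule denies every other inbound TCP connection attempt, and the script is the kind post #7 suggests linking from /etc/rc.local. The interface name and the port lists are assumed placeholders; note that ipchains names its drop target DENY (DROP is the iptables name).

```shell
#!/bin/sh
# Added example, not code from the thread: a default-closed ipchains ruleset
# for the "input" chain. ACCEPT rules for chosen ports come first, then every
# other inbound TCP connection attempt (SYN) is denied. ipchains calls the
# drop target DENY. Interface and port lists below are placeholders.

EXTERN_NIC="${EXTERN_NIC:-eth0}"     # placeholder external interface
ALLOW_TCP="${ALLOW_TCP:-22 80}"      # constructed example: ssh and http
BLOCK_UDP="${BLOCK_UDP:-111 515}"    # constructed example: sunrpc and lpd

# Print each ipchains command instead of running it when DRY_RUN=1, so the
# ruleset can be reviewed on a box without ipchains before it goes into rc.local.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

build_rules() {
    run ipchains -F input                  # start from an empty input chain
    run ipchains -A input -i lo -j ACCEPT  # loopback traffic is always allowed
    # $ALLOW_TCP is left unquoted so the shell splits it into one port per
    # iteration (quoting it, as in the thread's script, loops once over the
    # whole string). First match wins, so these ACCEPTs must precede the DENY.
    for PORT in $ALLOW_TCP; do
        run ipchains -A input -i "$EXTERN_NIC" -p tcp --dport "$PORT" -j ACCEPT
    done
    for PORT in $BLOCK_UDP; do
        run ipchains -A input -i "$EXTERN_NIC" -p udp --dport "$PORT" -j DENY
    done
    # Default-closed: deny any other new TCP connection on the external interface.
    run ipchains -A input -i "$EXTERN_NIC" -p tcp --syn -j DENY
}

# Without ipchains installed, only print the commands; otherwise apply them.
command -v ipchains >/dev/null 2>&1 || DRY_RUN=1
build_rules
```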

  10. #10 redhead (Moderator, Advisor; joined Jun 2001; Copenhagen, Denmark; 811 posts)

    Re: How to close down ports with IPCHAINS

    But do you really want to leave all the other ports unguarded? It probably won't hurt anything if nothing is open on the other ports but who's to say that something won't become open without your knowledge?
    These are the ports I block in my firewall.
    Code:
    TCP_PORTS="0 111 137 138 139 445 515 555 587 1243 2772 2773 3306\
        6000 6001 6002 6003 6004 6005 6007 6008 6009 6670 6711 6776 6969\
        7215 12345 21544 23456 27374 30100 31337 31789 50505 54283"
    UDP_PORTS="0 111 138 515 555 1243 2772 2773 6670 6711 6776\
        6969 7215 12345 21544 23456 27374 30100 31337 31789 50505\
        54283"
