On 10-Jul-2001 civileme wrote:
> On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
>> Hallo!
>> How to close some ports...
>> I have Mandrake  7.2 with 2.4.1 kernel.
>> #############################################################
>> [arm2arm@icas> arm2arm]$ nmap localhost
>> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
>> Interesting ports on localhost.localdomain (127.0.0.1):
>> (The 1514 ports scanned but not shown below are in state: closed)
>> Port       State       Service
>> 21/tcp     open        ftp
>> 23/tcp     open        telnet
>> 25/tcp     open        smtp
>> 110/tcp    open        pop-3
>> 113/tcp    open        auth          <-- I want to close this one
>> 443/tcp    open        https
>> 513/tcp    open        login
>> 1024/tcp   open        kdm      <-- I want to close this one
>> 6000/tcp   open        X11        <-- I want to close this one
>> ##############################################################
>> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
>>
>> Bests ArMan.
> 
> Would you settle for filtered?
> 
> Closing the ports means the server is not running.  Stop kdm and you won't be
> logging in to graphics window managers; stop X and you won't have any 
> graphics system, and stop auth and you won't be able to login.
> 
> 
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
> iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP
that should be -j DROP and not just DROP (perhaps it will still work but the
correct syntax is -j)
there's a nice howto on iptables and packet filtering at
netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
can give you additional hints on packet filtering)

> Those are fairly strict rules--ssh logins will not be possible externally, nor
> will exports through xhost (where your screen appears on some other
> computer).

> Now you have a problem.  72 does not have iptables, but that is what kernel 
> 2.4 uses.  I am unsure how to activate ipchains for kernel 2.4, and I think 
> you would be well-advised to seek out and compile the tarballs or source rpms
> for iptables since the 8.0 mandrake cannot supply the binaries.
>
there's a module ipchains in kernel 2.4 which will enable use of the ipchains
command (you could still use ipfwadm with the ipfwadm  module...)
 
----------------------------------
E-Mail: Gregor Maier <[EMAIL PROTECTED]>
Date: 10-Jul-2001
Time: 11:57:06
----------------------------------
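
The open / closed / filtered distinction discussed in this thread, as an added example that is not part of the original messages: a connect attempt ends in a completed handshake (open), a refusal (closed, no server running), or no usable answer (filtered by a DROP or REJECT rule). The names `port_state` and `demo` are hypothetical, and the listener is constructed for the demonstration.

```python
import socket


def port_state(port, host="127.0.0.1", timeout=1.0):
    """Classify a TCP port by how a plain connect() attempt ends."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: a server is listening
    except ConnectionRefusedError:
        return "closed"        # RST came back: nothing is listening
    except socket.timeout:
        return "filtered"      # no answer at all: the packet was dropped
    except OSError:
        return "filtered"      # ICMP unreachable/prohibited, e.g. a REJECT rule
    finally:
        s.close()


def demo():
    """Constructed sample: a throwaway listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0 lets the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = port_state(port)  # server running
    srv.close()                         # "stop the server"
    after_stop = port_state(port)       # same port, nothing listening now
    return while_listening, after_stop


if __name__ == "__main__":
    print(demo())
    for p in (113, 1024, 6000):         # the ports asked about in the thread
        print(p, port_state(p))
```

Because the quoted rules exempt source 127.0.0.1, a check against localhost still reports these ports as open; the filtered result only shows when the check is run from another machine.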
