Koozali.org: home of the SME Server

Closing or blocking ports

Tyrone C. Miles

Closing or blocking ports
« on: July 27, 2002, 12:12:02 AM »
Right now I am just using my e-smith server for DNS on my network. When I run the Lanscan network scanning tool against my server I get back a ton of ports being open.

I want to close any ports I am not using now and then be able to open them back up later when I need them. I only need DNS open at this time. My network manager does not like Linux, and when he sees all the ports open (even though the services are not active, the ports are still open on his scan), he uses that as an excuse to try and force me to use 2000.

Nathan Fowler

Re: Closing or blocking ports
« Reply #1 on: July 27, 2002, 05:06:39 AM »
It's a common misconception that open ports designate an insecurity.  Most daemons on that E-Smith box are light-years more secure than anything 2000 could hope for.  However, that won't make your network manager sleep at night, will it?  It's funny how people think just because you have to "pay" for something that it is naturally more secure.  I fight the same battles at work myself.

My recommendation would be, since you do not need these services, to simply shut them down.  It isn't necessary to firewall a port that isn't listening.  If you need the service locally but do not want access outside the intranet then you could start looking at ipchains rules.

Hope this helped,
Nathan
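
The triage this reply describes (keep what is needed, stop everything else, and reserve firewall rules for services that must stay reachable locally), sketched as an added example that is not part of the original thread. The function names `classify_listeners` and `sample_netstat` are hypothetical, and the netstat output is constructed sample data, not taken from a real server.

```shell
#!/bin/sh
# Classify listening sockets from `netstat -tuln`-style output read on stdin.
# $1 = space-separated ports that are meant to be reachable (here only DNS).
# Prints "<verdict> <port>/<proto> <local address>" per socket, where verdict is
#   KEEP          port is on the allowed list
#   LOCAL-ONLY    not allowed, but bound to loopback so a remote scan cannot see it
#   STOP-SERVICE  not allowed and bound to a routable address: shut the daemon down
classify_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP sockets must be in LISTEN state; UDP sockets have no state column.
        ($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port in ok)
                verdict = "KEEP"
            else if (host == "127.0.0.1" || host == "::1")
                verdict = "LOCAL-ONLY"
            else
                verdict = "STOP-SERVICE"
            printf "%s %s/%s %s\n", verdict, port, $1, addr
        }'
}

# Constructed sample output for a server that should offer DNS only.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# On a live host, replace sample_netstat with: netstat -tuln
sample_netstat | classify_listeners "53"
```

Re-running the external scan after stopping each `STOP-SERVICE` daemon confirms the port is gone without any firewall rule being involved.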

Luis A. Navas

Re: Closing or blocking ports
« Reply #2 on: July 27, 2002, 11:24:08 PM »
Try http://www.e-smith.org/bboard/read.php?f=3&i=16941&t=7444 and search RE: Trying to block AIM with ipchains from Jeef Martin 09-28-01 16:13

or try http://www.e-smith.org/bboard/read.php?f=3&i=16722&t=16714 and search RE: deny internet access to a user from Nathan Fowler 07-17-02 16:46

or try http://www.martintechnology.com/howto_block_aim.htm