Open ports are something like open doors: they are open because you are offering some service behind them. If you don't want to offer such a service, just shut down the program that handles it and the open port will close. 'netstat -an | grep -i listen' will tell you the numbers of the open ports and 'lsof -i <tcp|udp>:<number>' will tell you the name of the program.
I use these rules in iptables to block any new connections.
Just remember to set your variables.
#Location of the iptables binary
IPTABLES=/sbin/iptables
EXTIF="ppp0" #Change to your external interface
INTIF="eth1" #Change to your internal interface
#Lets replies to connections you started back in on the FORWARD chain; new connections from outside fall through to the DROP policy
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#Same for the INPUT chain
$IPTABLES -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
#Allows anything from Internal LAN into Linux box
$IPTABLES -A INPUT -i $INTIF -j ACCEPT
#Allows anything out of Internal LAN to Internet
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
Put these at the end of your scripts.
If you want to allow certain ports into your machine from outside, put an ACCEPT rule before these.
Set your default rules for INPUT, OUTPUT and FORWARD to DROP and, lo and behold, you disappear from the internet and you're set.
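The complete default-deny script implied by the post above, as an added example (this is not the poster's own script). It keeps the poster's four rules and variable names, and adds the pieces a practitioner needs around them: a loopback ACCEPT (a DROP policy on INPUT with no lo rule breaks local services), an OUTPUT rule so the box itself can still originate traffic, the "exposed ports" ACCEPT rules placed before the catch-all as the post says, and the DROP policies applied last so a remote SSH session is not cut off while the chains are empty. The interface names, the exposed port list (SSH on 22), and the DRY_RUN switch that prints commands instead of running them are assumptions for illustration. NAT/masquerading and ip_forward are not part of the post and are not set here.

```shell
#!/bin/sh
# Added example, not from the original post: a complete default-deny script
# built around the four rules above. Interface names, the exposed port list
# and the DRY_RUN switch are assumptions for illustration.

IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-ppp0}          # external interface (assumed, as in the post)
INTIF=${INTIF:-eth1}          # internal interface (assumed, as in the post)
ALLOW_TCP=${ALLOW_TCP:-22}    # TCP ports reachable from the Internet (assumed: SSH)

# Wrapper: with DRY_RUN=1 print the command instead of running it, so the
# rule set can be reviewed (or tested) without root.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

apply_firewall() {
    # Start from a clean slate with permissive policies, so an existing SSH
    # session is not cut off while the chains are still empty.
    ipt -P INPUT ACCEPT
    ipt -P FORWARD ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -X

    # Loopback is not covered by the post's rules; without this, local
    # services (resolver, databases, X) break under a DROP policy.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Packets the connection tracker cannot classify are never worth keeping.
    ipt -A INPUT -m state --state INVALID -j DROP
    ipt -A FORWARD -m state --state INVALID -j DROP

    # Services deliberately exposed to the Internet: these ACCEPT rules go
    # before the catch-all rules, exactly as the post says.
    for port in $ALLOW_TCP; do
        ipt -A INPUT -i "$EXTIF" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # The four rules from the post: replies come back in, everything from
    # the LAN is trusted, and anything else is left to the DROP policy.
    ipt -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$INTIF" -j ACCEPT
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

    # The post sets OUTPUT to DROP as well; the box itself still needs to
    # originate traffic (DNS, updates), so allow what it starts.
    ipt -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Default-deny policies go on last, once every ACCEPT rule is in place.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP
}

# Render the rule set as text in a subshell (for review without root).
render_rules() {
    ( DRY_RUN=1; apply_firewall )
}

# Check that every exposed-port ACCEPT precedes the final INPUT DROP policy.
# Returns 0 when the ordering is correct.
check_order() {
    rules=$(render_rules)
    last_accept=$(echo "$rules" | grep -n -- '--dport' | tail -n 1 | cut -d: -f1)
    policy=$(echo "$rules" | grep -n -- '-P INPUT DROP' | tail -n 1 | cut -d: -f1)
    [ -n "$last_accept" ] && [ "$last_accept" -lt "$policy" ]
}

case "${1:-}" in
    apply)   apply_firewall ;;   # needs root
    dry-run) render_rules ;;
esac
```

Run it as `sh firewall.sh dry-run` first and read the printed rule list; only then run `sh firewall.sh apply` as root. The policies are set to ACCEPT, the chains flushed, all rules added, and only then the policies switched to DROP; doing it in the opposite order on a box you are logged into remotely drops your own session's packets until the ESTABLISHED rule lands.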