On Tue, 08 Jan 2002, Brendan Halpin wrote:
> For a friend running SuSE 6.4: how do you shut down access to
> specific ports?

Presumably you mean to incoming connections.

To actually remove access to the port you need to run the firewall,
iptables. Then you deny access to all ports and add back the ones which
should be available. Any connection to disallowed ports should get "no route
to host".

That said, most people (RedHat packagers excluded, I guess) would not
consider this necessary. Simply shut down the service which listens on that
port. Although the person can get a route to the port now, no service will
answer "Service Unavailable/Connection Closed by Remote Host" or some such.

This service will either be standalone or run by inetd (or xinetd), e.g. ssh
often is standalone listening on port 22. This must be shut down
explicitly in the rc.d scripts.

telnet on the other hand is usually run by inetd (or xinetd etc). This
means inetd listens on port 23 and when a connection is attempted it
accepts and starts the telnet daemon. In this case you must configure
inetd not to listen on that port (/etc/services) and/or not to connect a
daemon to it (/etc/inetd.conf). I would guess the former is strictly
cleverer as inetd is not exposed either.

Gavin
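
An added example, not part of the original post, of the /etc/inetd.conf step described in the reply: list which services inetd will currently start, then comment out the ones that should no longer be offered. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and disable inetd-launched services.
# The inetd.conf text below is constructed sample data, not from a real host.

sample_inetd_conf() {
cat <<'EOF'
# constructed sample /etc/inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd

time    dgram   udp     wait    root    internal
EOF
}

# list_enabled: read inetd.conf on stdin and print "service/protocol"
# for every active entry (skips comments and blank lines).
list_enabled() {
    awk '!/^[ \t]*(#|$)/ && NF >= 6 { print $1 "/" $3 }'
}

# disable_services NAME...: read inetd.conf on stdin, write it to stdout
# with every active entry for the named services commented out.
# Entries that are already commented are left untouched.
disable_services() {
    awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in off) { print "#" $0; next }
        { print }
    '
}

# Demo on the constructed sample: what is offered before and after.
echo "before:"; sample_inetd_conf | list_enabled
echo "after disabling telnet:"
sample_inetd_conf | disable_services telnet | list_enabled

# On a real host the same functions would be used as
#   disable_services telnet < /etc/inetd.conf > /etc/inetd.conf.new
# followed by reviewing the new file, moving it into place and sending
# inetd a SIGHUP so that it rereads its configuration.
```
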