default iptables rules
Jimmy Wu
jimmywu013 at gmail.com
Sun Sep 16 00:02:45 UTC 2007
On 9/14/07, John L Fjellstad <john-ubuntu at fjellstad.org> wrote:
>
> Peter Garrett <peter.garrett at optusnet.com.au> writes:
>
> > I have found the simplest way to set up iptables is to start with a
> > default "DROP" policy for INPUT
>
> One thing to note is that if you are ssh'd into a box, it might not be a
> good idea to add this policy first (God knows I've done that a couple of
> times :-) ).
>
> --
> John L. Fjellstad
> web: http://www.fjellstad.org/ Quis custodiet ipsos custodes
Thanks all for the responses, especially Peter for your script.
Just a few more questions: I don't have any servers running that I know of,
but I do have samba installed - does that open any ports I should worry
about?
Also, how do I find out what ports are open?
I tried a netstat -l and got a lot of output (which I've attached to the
end)
Thanks again,
Jimmy
----
$ netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address            Foreign Address  State
tcp        0      0 localhost:2208           *:*              LISTEN
tcp        0      0 *:netbios-ssn            *:*              LISTEN
tcp        0      0 localhost:ipp            *:*              LISTEN
tcp        0      0 localhost:smtp           *:*              LISTEN
tcp        0      0 *:microsoft-ds           *:*              LISTEN
tcp        0      0 localhost:2207           *:*              LISTEN
udp        0      0 *:1024                   *:*
udp        0      0 jimmy-deskto:netbios-ns  *:*
udp        0      0 *:netbios-ns             *:*
udp        0      0 jimmy-deskt:netbios-dgm  *:*
udp        0      0 *:netbios-dgm            *:*
udp        0      0 *:bootpc                 *:*
udp        0      0 *:mdns                   *:*
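An added example, not part of the original post: one way to read `netstat -l` output like the listing above is to separate listeners bound only to loopback from those bound to `*` or another address, since only the latter matter for INPUT rules. The function names and the one-socket-per-line sample are constructed here, and every non-loopback bind address is assumed to be reachable from the network.

```shell
#!/bin/sh
# Added example: split `netstat -l` listeners into loopback-only vs. reachable.

# Constructed sample: TCP/UDP rows from the post (one socket per line) plus
# one UNIX-domain row, which is local IPC and must be skipped.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:2208 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 localhost:2207 *:* LISTEN
udp 0 0 *:1024 *:*
udp 0 0 jimmy-deskto:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 jimmy-deskt:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:mdns *:*
unix 2 [ ACC ] STREAM LISTENING 16096 /tmp/.X11-unix/X0
EOF
}

# Print "<scope> <proto>/<port>" per TCP/UDP listener read from stdin.
# "local" = bound to loopback; "exposed" = wildcard or any other address
# (assumption: every non-loopback bind address is reachable from the network).
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        match(addr, /:[^:]*$/)   # split at the last colon (IPv6-safe)
        host = substr(addr, 1, RSTART - 1)
        port = substr(addr, RSTART + 1)
        scope = (host ~ /^(localhost|ip6-localhost|127\.[0-9.]+|::1)$/) ? "local" : "exposed"
        print scope, $1 "/" port
    }'
}

# Unique proto/port pairs that firewall rules need to account for.
exposed_ports() {
    classify_listeners | awk '$1 == "exposed" { print $2 }' | sort -u
}

sample_netstat | exposed_ports
```

On a live system the same functions take the real listing on stdin, for example `netstat -l | exposed_ports`.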