default iptables rules
NoOp
glgxg at sbcglobal.net
Sun Sep 16 21:52:34 UTC 2007
On 09/16/2007 02:06 PM, Jimmy Wu wrote:
>> > Also, how do I find out what ports are open?
>> > I tried a netstat -l and got a lot of output (which I've attached to the
>> > end)
>> >
>>
>> sudo apt-get install nmap
>>
>> sudo nmap -sV localhost
>>
>> With samba running these ports will be open:
>>
>> 139/tcp open netbios-ssn Samba smbd 3.X (workgroup:
>> nameofyourworkgroup)
>> 445/tcp open netbios-ssn Samba smbd 3.X (workgroup:
>> nameofyourworkgroup)
>>
>> You can replace localhost with an IP or domain name.
>>
>>
> Much thanks. The obvious next question is how to control which ports are
> listening or closed. Also, I've heard of port stealthing on certain
> firewall software -- does anyone know what that is?
>
sudo apt-get install firestarter
Firestarter is a GUI frontend for iptables with many added features, see:
http://www.fs-security.com/
http://www.fs-security.com/docs.php
You can also modify your iptables w/scripts & from the command line
(google).
However, Ubuntu comes with nearly all ports closed. So any ports opened
afterwards are from your installation of the programs that use them. To
close the ports either remove the programs that opened them, or read the
program documentation to see how to close or change the ports it uses.
I'd also very much advise purchasing a router with a built-in firewall.
That, in combination with Firestarter, should keep you pretty secure.
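
An added example, not part of the original post: the reply ties each open port to the program that opened it, so this script reads `netstat -tlnp` output and reports, per listening TCP port, the owning program and whether it is bound to loopback only or reachable from other machines. The sample output, its PIDs and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -tlnp` output.
LC_ALL=C; export LC_ALL

# Constructed sample output (PIDs and program set are made up for the demo).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      4321/cupsd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      5012/smbd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      5012/smbd
tcp6       0      0 :::22                   :::*                    LISTEN      4100/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      4321/cupsd
EOF
}

# Reads netstat -tlnp text on stdin; prints "scope<TAB>port<TAB>program".
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)          # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)      # text before the last colon
        prog = ($7 == "" || $7 == "-") ? "unknown" : $7
        sub(/^[0-9]+\//, "", prog)               # drop the leading PID and slash
        sub(/:$/, "", prog)
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        print scope "\t" port "\t" prog
    }' | sort -u
}

# Only listeners reachable from other machines, as "port/program".
exposed_programs() {
    classify_listeners | awk -F '\t' '$1 == "exposed" { print $2 "/" $3 }'
}

# Demo on the sample; on a real system: sudo netstat -tlnp | classify_listeners
sample_netstat | classify_listeners
```

Without root, netstat prints `-` in the program column for sockets owned by other users, which the script reports as `unknown`.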