default iptables rules

Jimmy Wu jimmywu013 at gmail.com
Sun Sep 16 23:50:04 UTC 2007


On 9/16/07, NoOp <glgxg at sbcglobal.net> wrote:
>
> On 09/16/2007 02:06 PM, Jimmy Wu wrote:
>
> >> > Also, how do I find out what ports are open?
> >> > I tried a netstat -l and got a lot of output (which I've attached to the
> >> > end)
> >> >
> >>
> >> sudo apt-get install nmap
> >>
> >> sudo nmap -sV localhost
> >>
> >> With samba running these ports will be open:
> >>
> >> 139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: nameofyourworkgroup)
> >> 445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: nameofyourworkgroup)
> >>
> >> You can replace localhost with an IP or domain name.
> >>
> >>
> > Much thanks.  The obvious next question is how to control which ports are
> > listening or closed.  Also, I've heard of port stealthing on certain
> > firewall software -- does anyone know what that is?
> >
>
> sudo apt-get install firestarter
>
> Firestarter is a gui frontend for iptables with many added features, see:
>
> http://www.fs-security.com/
>
> http://www.fs-security.com/docs.php
>
> You can also modify your iptables w/scripts & from the command line
> (google).
>
> However, Ubuntu comes with nearly all ports closed. So any ports opened
> afterwards are from your installation of the programs that use them. To
> close the ports either remove the programs that opened them, or read the
> program documentation to see how to close or change the ports it uses.
>
> I'd also very much advise purchasing a router with a built-in firewall.
> That, in combination with Firestarter should keep you pretty secure.

Thanks again for the responses.
I actually don't want to install firestarter, at least not until I have more
time to play around (I've been and will be extremely busy for a while).  The
last time I installed firestarter, it borked my connection to my Windows
network.  There was a thread (actually multiple threads) on ubuntuforums
relating to this, but none of them worked for me and I somehow screwed up
DNS/name resolution while trying to fix that, and eventually I just
reinstalled the system, as I couldn't afford to spend any more time trying
to get it to work.
Realizing that firestarter is just a gui frontend to iptables, this time
around I want to just use iptables directly, so I can immediately undo any
rule that messes up my connection.
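
Added example, not part of the original thread: before writing iptables rules by hand it helps to know which listeners are reachable from other machines at all. The shell functions below (names and sample data are constructed for illustration) read `netstat -ltun` output and mark each listener as loopback-only or exposed.

```shell
#!/bin/sh
# Added example (not from the thread). Plain `netstat -l` also lists UNIX
# domain sockets, which accounts for much of its output; `netstat -ltun`
# restricts it to TCP/UDP listeners with numeric addresses.

# Constructed sample of `netstat -ltun` output for a desktop running Samba.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*
EOF
}

# Reads netstat output on stdin, prints one "proto port scope" line per listener.
#   loopback = bound to 127.0.0.0/8 or ::1, unreachable from other hosts
#   exposed  = bound to a wildcard or other address, so a candidate for an
#              iptables rule or for stopping the service
classify_listeners() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, parts, ":")        # port follows the last colon
            port = parts[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            print $1, port, scope
        }
    ' | LC_ALL=C sort -u
}

# Listeners that other machines can reach.
exposed_listeners() {
    classify_listeners | awk '$3 == "exposed" { print $1, $2 }'
}

sample_netstat | classify_listeners
```

On a live system, pipe the real output in instead of the sample: `netstat -ltun | exposed_listeners`.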