default iptables rules
Mike Smith
mhsmith17 at tiscali.co.uk
Mon Sep 17 10:46:30 UTC 2007
On Sun, 2007-09-16 at 19:50 -0400, Jimmy Wu wrote:
> On 9/16/07, NoOp <glgxg at sbcglobal.net> wrote:
> On 09/16/2007 02:06 PM, Jimmy Wu wrote:
>
> >> > Also, how do I find out what ports are open?
> >> > I tried a netstat -l and got a lot of output (which I've attached to the
> >> > end)
> >> >
> >>
> >> sudo apt-get install nmap
> >>
> >> sudo nmap -sV localhost
> >>
> >> With samba running these ports will be open:
> >>
> >> 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: nameofyourworkgroup)
> >> 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: nameofyourworkgroup)
> >>
> >> You can replace localhost with an IP or domain name.
> >>
> >>
> > Much thanks. The obvious next question is how to control which ports are
> > listening or closed. Also, I've heard of port stealthing on certain
> > firewall software -- does anyone know what that is?
> >
>
> sudo apt-get install firestarter
>
> Firestarter is a GUI frontend for iptables with many added features, see:
>
> http://www.fs-security.com/
>
> http://www.fs-security.com/docs.php
>
> You can also modify your iptables w/scripts & from the command line
> (google).
>
> However, Ubuntu comes with nearly all ports closed. So any ports opened
> afterwards are from your installation of the programs that use them. To
> close the ports either remove the programs that opened them, or read the
> program documentation to see how to close or change the ports it uses.
>
> I'd also very much advise purchasing a router with a built-in firewall.
> That, in combination with Firestarter should keep you pretty secure.
>
> Thanks again for the responses.
> I actually don't want to install firestarter, at least not until I
> have more time to play around (I've been and will be extremely busy
> for a while). The last time I installed firestarter, it borked my
> connection to my Windows network. There was a thread (actually
> multiple threads) on ubuntuforums relating to this, but none of them
> worked for me and I somehow screwed up DNS/name resolution while
> trying to fix that, and eventually I just reinstalled the system, as I
> couldn't afford to spend any more time trying to get it to work.
> Realizing that firestarter is just a gui frontend to iptables, this
> time around I want to just use iptables directly, so I can immediately
> undo any rule that messes up my connection.
An easy way to check your port status is to visit http://www.grc.com and
select their 'Shields Up' test which will tell you whether your ports
are open, closed or stealthed.
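
The three states such a test reports (open, closed, stealthed) can also be told apart with a plain TCP connect from another machine you own. The following is an added example, not part of the original message; the names `probe` and `survey`, the two-second timeout and the choice of the Samba ports from earlier in the thread are assumptions.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP port as open, closed, stealth or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"       # host answered with a reset: nothing listening
    except socket.timeout:
        return "stealth"      # no answer at all, e.g. a firewall DROP rule
    except OSError:
        return "unreachable"  # ICMP error or routing problem
    finally:
        s.close()


def survey(host, ports, timeout=2.0):
    """Probe several ports and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Assumed target: this machine, checked on the two Samba ports
    # (139 and 445) that the nmap output in the thread lists.
    for port, state in survey("127.0.0.1", [139, 445]).items():
        print(f"{port}/tcp {state}")
```

A check against 127.0.0.1 only shows what is listening; to see what the firewall lets through, run it from a second host on the same network against the machine's LAN address.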