On 9/14/07, <b class="gmail_sendername">John L Fjellstad</b> <<a href="mailto:john-ubuntu@fjellstad.org">john-ubuntu@fjellstad.org</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Peter Garrett <<a href="mailto:peter.garrett@optusnet.com.au">peter.garrett@optusnet.com.au</a>> writes:<br><br>> I have found the simplest way to set up iptables is to start with a<br>> default "DROP" policy for INPUT
<br><br>One thing to note is that if you are ssh'd into a box, it might not be a<br>good idea to add this policy first (God knows I've done that a couple of<br>times :-) ).<br><br>--<br>John L. Fjellstad<br>web: <a href="http://www.fjellstad.org/">
http://www.fjellstad.org/</a> Quis custodiet ipsos custodes<br>
</blockquote></div><br>Thanks all for the responses, especially Peter for your script.<br>Just a few more questions: I don't have any servers running that I know of, but I do have samba installed - does that open any ports I should worry about?
<br>Also, how do I find out what ports are open? <br>I tried a netstat -l and got a lot of output (which I've attached to the end)<br><br>Thanks again,<br><br>Jimmy<br>----<br>$netstat -l<br>Active Internet connections (only servers)
<br>Proto Recv-Q Send-Q Local Address Foreign Address State <br>tcp 0 0 localhost:2208 *:* LISTEN <br>tcp 0 0 *:netbios-ssn *:* LISTEN
<br>tcp 0 0 localhost:ipp *:* LISTEN <br>tcp 0 0 localhost:smtp *:* LISTEN <br>tcp 0 0 *:microsoft-ds *:* LISTEN
<br>tcp 0 0 localhost:2207 *:* LISTEN <br>udp 0 0 *:1024 *:* <br>udp 0 0 jimmy-deskto:netbios-ns *:*
<br>udp 0 0 *:netbios-ns *:* <br>udp 0 0 jimmy-deskt:netbios-dgm *:* <br>udp 0 0 *:netbios-dgm *:*
<br>udp 0 0 *:bootpc *:* <br>udp 0 0 *:mdns *:* <br>Active UNIX domain sockets (only servers)<br>Proto RefCnt Flags Type State I-Node Path
<br>unix 2 [ ACC ] STREAM LISTENING 17036 @/tmp/dbus-Jj1IZraEdW<br>unix 2 [ ACC ] STREAM LISTENING 65138 /tmp/orbit-jimmy/linc-49ef-0-4d355f604f16a<br>unix 2 [ ACC ] STREAM LISTENING 15886 @/tmp/dbus-gcwWEraAz9
<br>unix 2 [ ACC ] STREAM LISTENING 14792 @/var/run/hald/dbus-pa16nkeiqH<br>unix 2 [ ACC ] STREAM LISTENING 16004 /var/run/gdm_socket<br>unix 2 [ ACC ] STREAM LISTENING 14793 @/var/run/hald/dbus-P5Qlxehzkw
<br>unix 2 [ ACC ] STREAM LISTENING 14766 /var/run/dbus/system_bus_socket<br>unix 2 [ ACC ] STREAM LISTENING 16096 /tmp/.X11-unix/X0<br>unix 2 [ ACC ] STREAM LISTENING 65737 /var/run/cups/cups.sock
<br>unix 2 [ ACC ] STREAM LISTENING 17025 /tmp/ssh-AnXnmM5511/agent.5511<br>unix 2 [ ACC ] STREAM LISTENING 17056 /tmp/orbit-jimmy/linc-15b3-0-5d50681871d0d<br>unix 2 [ ACC ] STREAM LISTENING 17066 /tmp/orbit-jimmy/linc-1587-0-25c4d9469038e
<br>unix 2 [ ACC ] STREAM LISTENING 15823 /var/run/avahi-daemon/socket<br>unix 2 [ ACC ] STREAM LISTENING 17274 /tmp/.ICE-unix/5511<br>unix 2 [ ACC ] STREAM LISTENING 17283 /tmp/keyring-ZxB3dr/socket
<br>unix 2 [ ACC ] STREAM LISTENING 17304 /tmp/orbit-jimmy/linc-15b8-0-3d87b5b62ea24<br>unix 2 [ ACC ] STREAM LISTENING 17332 /tmp/.esd-1000/socket<br>unix 2 [ ACC ] STREAM LISTENING 17425 /tmp/orbit-jimmy/linc-15c7-0-43129403a5c14
<br>unix 2 [ ACC ] STREAM LISTENING 17441 /tmp/orbit-jimmy/linc-15c4-0-33d47713c4ee7<br>unix 2 [ ACC ] STREAM LISTENING 17470 /tmp/orbit-jimmy/linc-15ce-0-7567581b4d919<br>unix 2 [ ACC ] STREAM LISTENING 17488 /tmp/orbit-jimmy/linc-15cd-0-7567581b7b017
<br>unix 2 [ ACC ] STREAM LISTENING 17520 /tmp/orbit-jimmy/linc-15d4-0-6bdd1237624b<br>unix 2 [ ACC ] STREAM LISTENING 17546 /tmp/orbit-jimmy/linc-15d6-0-276dbd3672679<br>unix 2 [ ACC ] STREAM LISTENING 17578 /tmp/orbit-jimmy/linc-15dc-0-982c510eac63
<br>unix 2 [ ACC ] STREAM LISTENING 17586 /tmp/orbit-jimmy/linc-15db-0-982c510f26bf<br>unix 2 [ ACC ] STREAM LISTENING 17612 /tmp/orbit-jimmy/linc-15dd-0-2de345fbe5707<br>unix 2 [ ACC ] STREAM LISTENING 17622 /tmp/orbit-jimmy/linc-15d0-0-4223569f97354
<br>unix 2 [ ACC ] STREAM LISTENING 17664 /tmp/orbit-jimmy/linc-15da-0-1f9513d70dd6<br>unix 2 [ ACC ] STREAM LISTENING 17704 /tmp/orbit-jimmy/linc-15ed-0-320d98c556334<br>unix 2 [ ACC ] STREAM LISTENING 18093 /tmp/orbit-jimmy/linc-1601-0-6aaf18c25e9af
<br>unix 2 [ ACC ] STREAM LISTENING 18125 /tmp/orbit-jimmy/linc-15ef-0-6aaf18c29da00<br>unix 2 [ ACC ] STREAM LISTENING 18166 /tmp/orbit-jimmy/linc-160b-0-1cfec429cce0d<br>unix 2 [ ACC ] STREAM LISTENING 18170 /tmp/mapping-jimmy
<br>unix 2 [ ACC ] STREAM LISTENING 18189 /tmp/orbit-jimmy/linc-160e-0-184970c268ec<br>unix 2 [ ACC ] STREAM LISTENING 18286 /tmp/orbit-jimmy/linc-1644-0-5c3eee543ad4f<br>unix 2 [ ACC ] STREAM LISTENING 18436 /tmp/orbit-jimmy/linc-164b-0-647d0b7a99f3f
<br>unix 2 [ ACC ] STREAM LISTENING 18465 /tmp/orbit-jimmy/linc-16a3-0-730a77c762895<br>unix 2 [ ACC ] STREAM LISTENING 20872 /tmp/orbit-jimmy/linc-1f44-0-611450c0e89e6<br>unix 2 [ ACC ] STREAM LISTENING 20890 /tmp/OSL_PIPE_1000_SingleOfficeIPC_293ed21488f4283a9a45a9d9271aff7d
<br><br>
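An added example, not part of the original message: one way to read the `netstat -l` output above is to split the TCP/UDP sockets by bind address, since only those bound to `*` or to a non-loopback address are reachable from the network. In the posted output that includes the SMB/NetBIOS listeners (netbios-ssn, microsoft-ds, netbios-ns, netbios-dgm). The function names are hypothetical; the sample rows are copied from the posted output.

```shell
#!/bin/sh
# Added example (not from the thread): sort `netstat -l` TCP/UDP sockets by
# bind address. Output, one line per socket:
#   EXPOSED <proto> <port>   wildcard or non-loopback address
#   LOCAL   <proto> <port>   loopback only, not reachable from the network
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4                          # "Local Address" column
        if (!match(addr, /:[^:]*$/)) next  # last colon splits host from port
        host = substr(addr, 1, RSTART - 1)
        port = substr(addr, RSTART + 1)
        if (host == "localhost" || host ~ /^127\./ || host == "::1")
            scope = "LOCAL"
        else
            scope = "EXPOSED"
        print scope, $1, port
    }'
}

# Unique proto/port pairs reachable from the network unless a firewall rule
# blocks them.
exposed_services() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 "/" $3 }' | LC_ALL=C sort -u
}

# The TCP/UDP rows from the netstat output posted above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:2208 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 localhost:2207 *:* LISTEN
udp 0 0 *:1024 *:*
udp 0 0 jimmy-deskto:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 jimmy-deskt:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:mdns *:*
EOF
}

sample_netstat | exposed_services
```

On a live system, pipe `netstat -ltun` into `classify_listeners`; with `-n` the loopback sockets appear as 127.0.0.1 or ::1, which the function also reports as LOCAL.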