Ok..
Thank you!
I will try to use your recommendations.

Bests ArMan.
----- Original Message -----
From: "Gregor Maier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 2:05 PM
Subject: Re: [expert] Hoto close some ports...


>
> On 10-Jul-2001 civileme wrote:
> > On Tuesday 10 July 2001 09:25, Arman Khalatyan wrote:
> >> Hallo!
> >> How to close some ports...
> >> I have Mandrake  7.2 with 2.4.1 kernel.
> >> #############################################################
> >> [arm2arm@icas> arm2arm]$ nmap localhost
> >> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> >> Interesting ports on localhost.localdomain (127.0.0.1):
> >> (The 1514 ports scanned but not shown below are in state: closed)
> >> Port       State       Service
> >> 21/tcp     open        ftp
> >> 23/tcp     open        telnet
> >> 25/tcp     open        smtp
> >> 110/tcp    open        pop-3
> >> 113/tcp    open        auth          <-- I want to close this one
> >> 443/tcp    open        https
> >> 513/tcp    open        login
> >> 1024/tcp   open        kdm      <-- I want to close this one
> >> 6000/tcp   open        X11        <-- I want to close this one
> >> ##############################################################
> >> Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds
> >>
> >> Bests ArMan.
> >
> > Would you settle for filtered?
> >
> > Closing the ports means the server is not running.  Stop kdm and you won't be
> > logging in to graphics window managers; stop X and you won't have any
> > graphics system, and stop auth and you won't be able to login.
> >
> >
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 6000 DROP
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 113 DROP
> > iptables -I 1 -t filter INPUT -p tcp -s !127.0.0.1 --dport 1024 DROP
> that should be -j DROP and not just DROP (perhaps it will still work but the
> correct syntax is -j)
> there's a nice howto on iptables and packet filtering at
> netfilter.filewatcher.org or look at the ipchains howto at linuxdocs.org (which
> can give you additional hints on packet filtering)
>
> > Those are fairly strict rules--ssh logins will not be possible externally, nor
> > will exports through xhost (where your screen appears on some other
> > computer).
>
> > Now you have a problem.  72 does not have iptables, but that is what kernel
> > 2.4 uses.  I am unsure how to activate ipchains for kernel 2.4, and I think
> > you would be well-advised to seek out and compile the tarballs or source rpms
> > for iptables since the 8.0 mandrake cannot supply the binaries.
> >
> there's a module ipchains in kernel 2.4 which will enable use of the ipchains
> command (you could still use ipfwadm with the ipfwadm module...)
>
> ----------------------------------
> E-Mail: Gregor Maier <[EMAIL PROTECTED]>
> Date: 10-Jul-2001
> Time: 11:57:06
> ----------------------------------
>
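
The rules quoted above, with the -j correction from the reply and the chain name placed directly after -I, as an added example that is not part of the original messages. It assumes a current iptables, where the negation is written "! -s 127.0.0.1"; the function names and the APPLY variable are made up for this example, and it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: the three ports the original poster marked in the nmap output
# (6000 X11, 113 auth, 1024 kdm).
PORTS="6000 113 1024"

# build_rule PORT: print the iptables arguments that drop TCP traffic to PORT
# unless the packet's source address is 127.0.0.1.
build_rule() {
    port=$1
    # Accept only 1 to 5 decimal digits, so nothing else reaches the command line.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    printf '%s\n' "-t filter -I INPUT 1 -p tcp ! -s 127.0.0.1 --dport $port -j DROP"
}

# apply_rules: dry run by default; with APPLY=1 (as root) the rules are installed.
apply_rules() {
    for p in $PORTS; do
        rule=$(build_rule "$p") || return 1
        if [ "${APPLY:-0}" = "1" ]; then
            # Word splitting of $rule is intended: one argument per word.
            iptables $rule || return 1
        else
            echo "iptables $rule"
        fi
    done
}

apply_rules
```

Because packets from 127.0.0.1 are exempt, "nmap localhost" will still list these ports as open; the difference shows only in a scan from another host.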

