On Mar 6, 2006, at 3:45 PM, Brian O'Neal asked:

> Could someone tell me what the command is to manually close a port
> in the terminal?

Usually, you can do just as well by denying access to the service that normally lives on a port. This is most painlessly done using tcpwrappers. Tcpwrappers is one of the most painless security tools on the Mac and seems to be somewhat of a secret.

To use tcpwrappers, create two files in the /etc directory called hosts.allow and hosts.deny. These files will be populated with rules dictating who can connect to which services. Here's how I populate them.

In the hosts.deny file there's one line that reads

    all : all

This denies all services to everybody by default. That way you have to turn on rules to specifically let people in.

Now, suppose you want only me (lml.homedns.org) to connect to your ssh service (port 22). In the hosts.allow file you write

    sshd : lml.homedns.org

That's all there is to it! You don't have to restart anything, or jump through any more hoops.

There are many tutorials on this, if you Google on tcpwrappers. Tcpwrappers has many options for fine-tuning access, and I have pretty extensive files on my machines that I've developed by trial and error.

Now that I think of it, there is one gotcha. This will only work for network services that are done through xinetd. This isn't a big deal because almost all of them are done through xinetd, with the most notable exception being the Apache Web server. It has its own configuration file to control access.

| The next meeting of the Louisville Computer Society will
| be March 28 at Pitt Academy, 6010 Preston Highway.
| The LCS Web page is <http://www.kymac.org>.
| List posting address: <mailto:macgroup at erdos.math.louisville.edu>
| List Web page: <http://erdos.math.louisville.edu/macgroup>
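
The hosts.allow / hosts.deny decision described in the reply above, as an added example that is not part of the original post: a simplified Python model of the lookup order documented in hosts_access(5), where hosts.allow is checked first, then hosts.deny, and a client matching neither file is let in. It handles only the ALL wildcard, exact names, leading-dot domain suffixes and trailing-dot address prefixes; the function names, the host other.example.net and the addresses are constructed for illustration.

```python
# Added example: simplified model of the tcpwrappers access decision.
# Sample rules are constructed to mirror the two files in the post.
HOSTS_ALLOW = "sshd : lml.homedns.org\n"
HOSTS_DENY = "all : all\n"

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line; this model skips it
        # List items may be separated by blanks and/or commas.
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def pattern_matches(pattern, value):
    p, v = pattern.lower(), value.lower()
    if p == "all":
        return True
    if p.startswith("."):   # ".example.net" matches hosts under that domain
        return v.endswith(p)
    if p.endswith("."):     # "192.0.2." matches addresses with that prefix
        return v.startswith(p)
    return p == v

def file_matches(rules, daemon, names):
    return any(
        any(pattern_matches(d, daemon) for d in daemons)
        and any(pattern_matches(c, n) for c in clients for n in names)
        for daemons, clients in rules)

def is_allowed(daemon, host, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return True if the client would be let in to the named daemon."""
    names = [n for n in (host, addr) if n]
    if file_matches(parse_rules(allow_text), daemon, names):
        return True   # first match in hosts.allow grants access
    if file_matches(parse_rules(deny_text), daemon, names):
        return False  # otherwise a match in hosts.deny refuses it
    return True       # no match in either file: access is granted

if __name__ == "__main__":
    for d, h, a in [("sshd", "lml.homedns.org", "192.0.2.10"),
                    ("sshd", "other.example.net", "203.0.113.5"),
                    ("ftpd", "lml.homedns.org", "192.0.2.10")]:
        print(d, h, "allowed" if is_allowed(d, h, a) else "denied")
```

Passing an empty deny_text shows why the default-deny line matters: with no hosts.deny rule, a client that matches nothing in hosts.allow is still admitted.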
