noel wrote:
> I'm trying out opensolaris and i did a quick nmap scan on an opensolaris 
> computer from another computer and found the following ports open:
> 22 ssh
> 25 smtp
> 111 rpcbind
> 587 submission
> 
> i want to have no ports open to the public unless i explicitly open it. 

svcadm disable ssh
svcadm disable sendmail  <== port 25 and 587
svcadm disable rpc/bind  <== Disabling this disables NFS

 > also, is there a way to block all outgoing connections except for 
connections initiated by certain programs like firefox or pidgin?

No, Solaris does not have an application based firewall.  Firewall rules 
are set by IP level information not by applicaiton.

You can setup ipfilter rules to only allow outbound connections to the 
ports that firefox & pidgin use however that won't stop wget or 
something else from using the same port.

-- 
Darren J Moffat

Reply via email to