noel wrote: > I'm trying out opensolaris and i did a quick nmap scan on an opensolaris > computer from another computer and found the following ports open: > 22 ssh > 25 smtp > 111 rpcbind > 587 submission > > i want to have no ports open to the public unless i explicitly open it.
svcadm disable ssh svcadm disable sendmail <== port 25 and 587 svcadm disable rpc/bind <== Disabling this disables NFS > also, is there a way to block all outgoing connections except for connections initiated by certain programs like firefox or pidgin? No, Solaris does not have an application based firewall. Firewall rules are set by IP level information not by applicaiton. You can setup ipfilter rules to only allow outbound connections to the ports that firefox & pidgin use however that won't stop wget or something else from using the same port. -- Darren J Moffat