Re: TCP & UDP Port Question

> I have a RedHat 8.0 box running Apache and Mailman. I am trying to make sure
> it is locked down. When I run a port scan with nmap, I find the following
> TCP ports open:
>
> 25 -- Mail
> 80 -- WWW
> 111 -- SUN RPC
> 443 -- SSL
> 515 -- spooler
> 6000 --  X Windows
> 32768 -- Filenet
>
> Now, I know I need 80 and 25 open, but can't I just close the rest? How do I
> close a specific port within the RedHat OS?
>
> One last question, the port scan also returns 81 UDP ports as open or not
> answering, should I close these as well?
>
> I would appreciate any info.....

Further to Corey's good advice-----

How was your firewall created?  With Lokkit? Try /usr/sbin/lokkit and
use the customize feature.

-or, if that doesn't work out-

Try /sbin/iptables-save > myfirewall.  That should dump your firewall rules
to the file myfirewall.  You should see a rule for each of the holes in
the firewall.  A hole will have the target of "ACCEPT".  Assuming each chain
is set up to DROP anything not specifically ACCEPTed, you can edit out the
rules containing the 111, 443, 515, 6000, and 32768 ports one by one and test
to make sure you don't need them.

You can then restore it with /sbin/iptables-restore < myfirewall and make sure
the same thing happens when you reboot.

You'll need to study IPTABLES to make sure you accomplish what you want.
See www.netfilter.org.  There are some good scripts available from
www.shorewall.net as mentioned earlier in this list which will build you
a pretty good firewall.









-- 
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/psyche-list
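
The dump-and-review step described in the reply above, as an added example that is not part of the original message: it reads an iptables-save dump, lists every ACCEPT rule whose port is outside a keep-list, and checks the "each chain is set up to DROP" assumption. The helper names sample_dump and audit_dump are hypothetical and the dump is constructed for illustration.

```sh
# Added example (not from the original post): list ACCEPT rules in an
# iptables-save dump whose port is outside a keep-list.

# Constructed sample dump; on a real host use: /sbin/iptables-save > myfirewall
sample_dump() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 515 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32768 -j ACCEPT
COMMIT
EOF
}

# audit_dump "proto/port ..." < dump   (audit_dump is a hypothetical helper)
# Prints "REVIEW chain proto/port" for each ACCEPT rule with a --dport that
# is not in the keep-list, and "POLICY chain policy" when INPUT or FORWARD
# does not default to DROP. A trailing catch-all DROP rule is not detected.
audit_dump() {
  awk -v keep="$1" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allowed[k[i]] = 1 }
    /^:(INPUT|FORWARD) / { if ($2 != "DROP") print "POLICY " substr($1, 2) " " $2; next }
    /^-A / {
      proto = ""; port = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      key = proto "/" port
      if (target == "ACCEPT" && port != "" && !(key in allowed))
        print "REVIEW " $2 " " key
    }'
}

# Keep SMTP and HTTP, as in the question; everything else is listed.
sample_dump | audit_dump "tcp/25 tcp/80"
```

Against a real dump, run it as audit_dump "tcp/25 tcp/80" < myfirewall before editing the file.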
