[sclug] Firewalling on a server
Tom Chance
tom at acrewoods.net
Thu Jan 5 20:01:53 UTC 2006
Ahoy,

Just a quick question - if you've got a server running a certain number of
services and you know the ports they use, then presumably it makes sense to
firewall off every other port?

Or would I stupidly block off incoming data on ports that I didn't realise are
needed, beyond those for SSH (22), SMTP (25), Apache (80), IMAP (143), LDAPS
(636) and MySQL (3306)? Looking in /etc/services there are lots of ports that
are mentioned for basic services like echo, netstat, login, who, etc. I've
looked down the list given by 'netstat -a' but I've noticed that some are
listed without my running the related server (*:ircd is listed as LISTEN).
I've blocked off a few odd things I know are unnecessary (including 6667 for
irc). Any light that people could shed on this would be welcome...

</newbie-sysadmin>

Regards,
Tom
--
I'm aware that e-mails to me may be blocked by my host
because they are mistaken as spam. If this happens,
please e-mail me at: telex4 at yahoo.com
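
An added example, not part of the original post: it checks listening TCP sockets against the six ports named in the message, so that an unexpected listener (such as the one netstat labels ircd) or a service bound only to loopback shows up before any firewall rule is written. /etc/services is only a name-to-number table that netstat uses for display, which is why the sketch reads numeric `netstat -tln` output; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Ports the post says the server should accept connections on.
ALLOWED="22 25 80 143 636 3306"

# Constructed sample of `netstat -tln` output (TCP, listening, numeric ports).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
EOF
}

# audit_listeners: read `netstat -tln` output on stdin, print one finding per line.
#   OK <port>                 expected port, reachable on a non-loopback address
#   LOOPBACK-ONLY <port>      expected port, bound to loopback only
#   UNEXPECTED <port> <addr>  something is listening that is not on the list
#   NOT-LISTENING <port>      on the list, but nothing is bound to it
audit_listeners() {
    awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)  # bind address without the port
        seen[port] = 1
        lo = (host == "127.0.0.1" || host == "::1")
        if (!(port in want)) print "UNEXPECTED " port " " host
        else if (lo)         print "LOOPBACK-ONLY " port
        else                 print "OK " port
    }
    END { for (i = 1; i <= n; i++) if (!(a[i] in seen)) print "NOT-LISTENING " a[i] }
    '
}

# Demo on the constructed sample; on a real host: netstat -tln | audit_listeners
sample_netstat | audit_listeners
```

A LOOPBACK-ONLY result means the service cannot be reached from other hosts, so it needs no inbound allow rule; an UNEXPECTED result is a process to identify and stop rather than only a port to block.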