Close Open Ports

I’m trying to find a way to close open ports (about 11 of them). My hardware doesn’t seem to allow access/utility to the user to do this. Of course SFW2 provides means to close certain services. Google and Cisco have shown no joy! Hardware: Cisco DPC3941T ‘Residential Gateway’. I am using Ethernet only; voice and wireless are disabled. I’m sure my ISP wants these open for ‘remote help’ but I prefer to shut them down. My searches included looking for shell access, but again, nothing! Thanks for reading and any advice welcome.
—rob

SUSE’s firewall is only applicable to the system on which it is running,
and maybe systems accessed through that initial system. Your
router/gateway/whatever is a separate system entirely, so its own
configuration controls those things.

If your router/gateway/whatever is accessed through the SUSE box, then
chances are good that, unless you opened something, it is already blocked.
The default firewall prevents unsolicited inbound comms over TCP and UDP,
and also enables the firewall, so any openings that apply were done by
you. Undo them. :)

If you want openSUSE on your router/gateway/whatever, that may be
possible, but I’d probably not recommend it as most of those devices do
not have the hardware to run (open)SUSE Linux distros.


Good luck.


Thanks for the quick reply. Sorry, I was not clear: yes, these ports are only open on the device/router/gateway. They are controlled by the ISP and not available for modification by me via the router web interface. Because I want them ‘closed’ I was hoping for a FW config solution that would deny access. I do of course have the WAN IP, local net IP, etc., etc. ISPs are notorious for mal-configuration and other such. Just a few days ago a CVE was released for my specific device, a Cisco DPC 3941T, that is yet unpatched. Also, as with openSUSE, I was hoping to be able to dl patches, etc. and apply them myself. Seems I’m stuck for now. Again, thank you!
—rob

Typical ISP policy is that they assume responsibility for devices they control.
So, as long as your Residential Gateway is managed by your ISP, you are not responsible for whether it gets hacked or is mis-configured. You can often ask your ISP for the rights to manage your router (are you sure you don’t already have that capability? I’ve often found ISPs just assume customers don’t have the technical knowledge to configure settings so often leave them accessible).

In any case, as ab described, you may not have any really important reason to configure your Residential Gateway directly. If you want to filter and monitor your LAN’s Internet activity, you can deploy a separate device (even an openSUSE) behind your Residential Gateway which can be configured however you wish.

Or, you can harden each Host in your LAN.

There are many options depending on what your objectives are.

TSU

Thanks for all the advice! I panicked too soon due to the reputation of the ISP (Comcast!!). These ports are, yes, controlled open/close by the ISP. For now I’ll just have to live (cautiously) with it. Will look into a VPN service next month. Just wish I had more choices in my area. Here, it’s either AT&T ($45 - $60/month for 1.5 mbps down *that’s not a typo!) and some reasonable security, or Comcast at about $35-$40/month, for 10mbps down, and sometimes, maybe a little security. Hope the municipal broadband/fiber movement catches on here soon! Again, thanks guys, as always. Take care.
—rob