Firewall question / blocking ports

I have a box running 11.3. I have a non-standard ssh port set up for myself. If I have only 2 ports being allowed… NFS and ssh of course.

Is it safe to say that any other port is being blocked? If it is not specifically allowed in SuSEfirewall2, then it should be blocked, correct?

If this is not the case, is there a simple way to block ALL ports other than the ones I specifically want to let through?

Correct
Unless you specifically allow it, a port is closed.

By default, that is how it works, yes (block all, allow exceptions) which
is the correct way to do something in security terms.

Two of my favorite iptables commands:

sudo /usr/sbin/iptables -L -v -n
sudo /usr/sbin/iptables-save

Good luck.

On 08/02/2010 10:06 PM, themagicm wrote:
> <snip>
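The two commands above show the live ruleset, but they leave the reader to work out the answer to the original question by eye. As an added example (not part of ab@novell.com's reply, and not SuSEfirewall2's own tooling), here is a small POSIX shell script that reads `iptables-save` output and reports the two things that matter for a default-deny setup: the INPUT chain's default policy, and the ports that have an explicit ACCEPT rule. The sample ruleset is constructed for this example; the port numbers 2222 (a non-standard ssh port) and 2049 (NFS) are assumptions.

```shell
#!/bin/sh
# Added example: summarise a saved iptables ruleset the way a defender checks a
# default-deny firewall. Reads `iptables-save` text on stdin, reports the INPUT
# chain's default policy and lists the ports with an explicit ACCEPT rule.
# Anything not listed falls through to the policy.

# Constructed sample of `iptables-save` output (ports are assumptions:
# 2222 for ssh on a non-standard port, 2049 for NFS).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT'

# Print the default policy of the INPUT chain (DROP, REJECT or ACCEPT).
input_policy() {
    awk '$1 == ":INPUT" { print $2; exit }'
}

# Print "proto/port" for every INPUT rule that jumps to ACCEPT and names a
# destination port, sorted and de-duplicated. Rules without --dport (loopback,
# established connections) and rules that do not ACCEPT are ignored.
accepted_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
            proto = ""; port = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port != "") print proto "/" port
        }' | sort -u
}

# Return 0 when inbound traffic is denied by default, 1 when it is accepted.
is_default_deny() {
    case "$(input_policy)" in
        DROP|REJECT) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone run over the constructed sample.
echo "INPUT policy: $(printf '%s\n' "$SAMPLE_RULES" | input_policy)"
echo "Explicitly allowed inbound ports:"
printf '%s\n' "$SAMPLE_RULES" | accepted_ports
```

On a real box you would feed it the second command from the reply, `sudo /usr/sbin/iptables-save | accepted_ports`. Two caveats: the parser only looks at rules appended directly to INPUT, whereas SuSEfirewall2 jumps from INPUT into its own chains (input_ext and friends), so the chain match would need widening there; and it only understands a single `--dport`, not multiport's `--dports` lists.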

On Mon August 2 2010 11:26 pm, ab@novell.com wrote:
> <snip>
themagicm;

If you have any doubts about open ports, just run a port scanner such
as “nmap” from a remote machine against your machine. nmap should be
available for all major Linux distributions and has been ported to Windows
versions NT and later.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green
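A scan from outside is the right way to confirm what the firewall actually exposes, and the useful follow-up is comparing what the scan reports against what you intended to allow. As an added example (not part of P. V.'s reply, and not nmap's own output handling), here is a POSIX shell script that parses nmap's grepable output (`nmap -oG -`) and lists any open port that is not on your allow-list. The scan output is a constructed sample for one host; the target address 192.0.2.10, the allowed ports 2222 (ssh on a non-standard port) and 2049 (NFS), and the unexpected telnet listener on 23 are all assumptions.

```shell
#!/bin/sh
# Added example: check a remote nmap scan against the ports you meant to open.
# nmap -oG writes one "Host:" line per target whose "Ports:" field holds
# comma-separated entries of the form port/state/proto/owner/service/...
# (real output tab-separates the fields; the parser does not rely on that).

# Constructed sample of `nmap -oG -` output for one host.
SAMPLE_SCAN='# Nmap scan initiated as: nmap -p 1-65535 -oG - 192.0.2.10
Host: 192.0.2.10 ()  Status: Up
Host: 192.0.2.10 ()  Ports: 23/open/tcp//telnet///, 2049/open/tcp//nfs///, 2222/open/tcp//ssh///, 111/filtered/tcp//rpcbind///
# Nmap done -- 1 IP address (1 host up) scanned'

# The ports you intended to allow, as proto/port entries (assumed for this example).
EXPECTED="tcp/2222 tcp/2049"

# Print "proto/port" for every entry the scan reports as open, sorted.
# Filtered or closed entries are skipped.
open_ports() {
    awk '
        /^Host:/ && /Ports:/ {
            sub(/.*Ports: /, "")            # keep only the port list
            n = split($0, entries, /, */)
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")   # f[1]=port f[2]=state f[3]=proto
                if (f[2] == "open") print f[3] "/" f[1]
            }
        }' | sort -u
}

# Print every open port absent from the allow-list given as $1.
# Returns 0 when the scan matches the allow-list, 1 when something extra is open.
unexpected_open_ports() {
    expected="$1"
    found=0
    for entry in $(open_ports); do
        case " $expected " in
            *" $entry "*) ;;
            *) echo "$entry"; found=1 ;;
        esac
    done
    return $found
}

# Stand-alone run over the constructed sample.
echo "Open ports reported by the scan:"
printf '%s\n' "$SAMPLE_SCAN" | open_ports
echo "Open but not on the allow-list:"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_open_ports "$EXPECTED" || echo "(review the list above)"
```

In use you would run the scan from another machine and pipe it straight in, for example `nmap -p 1-65535 -oG - <your host> | unexpected_open_ports "$EXPECTED"`; a non-zero exit status means the firewall lets through something the allow-list does not account for, which is exactly the case the original question is worried about.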