Netstat -lantu


Fresh install of opensuse - virtualbox, rkhunter, etc etc installed.

As su carry out netstat -lantu and get this

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0   *               LISTEN      
tcp        0      0    *               LISTEN      
tcp        0      0 *               LISTEN      
tcp        0      0    *               LISTEN      
udp        0      0   *                           
udp        0      0    *                           
udp        0      0  *                           
udp        0      0   *                           
udp        0      0   *                           
udp        0      0 *                    

Why are these services listening? I’ve certainly not configured SSH (22) for example


You didn’t say which version of openSUSE, pre-11.2 sshd is enabled by default.

111 is portmapper, 631 is CUPS, 25 is postfix, 5353 is mdns and so forth - all of those services are “enabled by default” and since you have firewall up (I hope) they’re also walled in.

I also wonder if you are looking at the right box, since by default openSUSE’s postfix listens only on And you’ve got something listening on port 68 which is for DHCP client daemon. It doesn’t look like a default openSUSE install at all. Either it’s not, or you changed the defaults before installing.

Hi - sorry am on 11.2.

And it is a default install from the gnome cd, its a single workstation with the only dhcp server being provided via the router.

Yes iptables is running :slight_smile:

Just a tad surprised to be honest - as I thought an initial install of OpenSuse started with no ports open by default?

Well it has ports open for various services but since the firewall goes up before the networking kicks in, it’s not an issue.

Minimal install has nothing open, absolutely nothing. Then again it includes nothing either :slight_smile:

Indeed not :slight_smile:

Would you be concerned with those services opening? Even with a fw in place?


No, they’re all firewalled tightly - many of them offer additional functionality for workstations. Unless you’re extremely paranoid or intend to run without an FW, I would just leave them as they are.

Great - Thank you