How do I shut down this ports

Abraham Al-Saleh alittle37 at knightabel.onestop.net
Tue Aug 5 06:24:33 UTC 2003


Actually, they are enabled by default and I believe they are generally
harmless. 6000 is the windowing system and 111 is NFS portmap.

To shut down the ports you would use iptables to drop or reject packets
destined for those ports. However, unless you are using NFS it is safe
to turn off the portmapper (which is what sunrpc is) in most situations.
To drop packets destined for a certain port, you would type (as root):

	iptables -A INPUT -p tcp -m tcp --dport [portnumber] -i [interface] -j DROP

where [portnumber] is the number of the port (e.g. 111), and [interface]
is the interface connected to any untrusted networks (e.g. ppp0).

If you are happy with these settings, type (as root):

	service iptables save

To see the current state of your tables, type (again, as root):

	service iptables status

Now, to turn off portmap (if it is ok to do this) type (blah blah, as
root.):

	service portmap stop

If you wish to permanently disable it, use (root...):

	mv /etc/rc.d/rc[rl].d/S13portmap /etc/rc.d/rc[rl].d/K13portmap

where [rl] is your default runlevel. 5 if you start in graphical and 3
if you start in text mode (e.g. /etc/rc.d/rc5.d). RHL Severn is set to
use rl5 as the default, by, err... default. I believe there are also
graphical tools for enabling and disabling services at boot time. I
generally don't use these as I prefer the CLI for administrative duties.
But feel free to look. Also, preserve the case on scripts in your rc
directories.

And finally, just so you don't get mad at me, do this at your own risk.
If you have an admin in charge of your network, ask him or her for
instructions on what to do. Also, if this question has been answered, I
am sorry for this late reply; I get this mailing list in digest form.


--Abe Al-Saleh
--------------------Original Message--------------------

Subject: How do I shut down this ports
From: Louis Garcia <louisg00 at bellsouth.net>
To: rhl-beta-list at redhat.com
Date: 04 Aug 2003 00:54:08 -0400
Reply-To: rhl-beta-list at redhat.com

111/tcp    open        sunrpc
6000/tcp   open        X11

Should these be open by default?
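
An added example (not part of either message above): a small shell helper that turns scan lines like the two in the original question into DROP rules of the form given in the reply, printing them for review instead of applying them. It goes beyond the reply's TCP-only rule by also handling `udp` lines, since the portmapper listens on UDP 111 as well; `gen_drop_rules`, `sample_scan` and the extra scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: build iptables DROP rules from "PORT STATE SERVICE" scan lines.
# Rules are only printed, so they can be reviewed before being run as root.

# Constructed sample input: the two lines from the question plus a header,
# a UDP line and a closed port to exercise the filtering.
sample_scan() {
    cat <<'EOF'
PORT       STATE       SERVICE
111/tcp    open        sunrpc
111/udp    open        sunrpc
6000/tcp   open        X11
631/tcp    closed      ipp
EOF
}

# gen_drop_rules IFACE  (hypothetical helper; reads scan lines on stdin)
gen_drop_rules() {
    iface=$1
    # Reject empty names and anything that is not a plain interface name,
    # so the printed commands are safe to paste into a root shell.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    while read -r portproto state _; do
        # Only ports reported as open need a rule.
        [ "$state" = "open" ] || continue
        port=${portproto%%/*}
        proto=${portproto##*/}
        case $proto in tcp|udp) ;; *) continue ;; esac
        case $port in ''|*[!0-9]*) continue ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || continue
        echo "iptables -A INPUT -p $proto -m $proto --dport $port -i $iface -j DROP"
    done
}

# ppp0 is the example untrusted interface used in the reply.
sample_scan | gen_drop_rules ppp0
```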




