I was wondering how to close some ports on my box! I dont have a firewall so I figured it would be a good idea. also I am directly connected to the net, no server or anything. Is there a simple command like close port 21, or is it more difficult than that? I ran nmap and it says port 80 is closed how can this be when I am writing this online now? any advise would be appreciated. thanks

I am not an expert, but I will give you a couple of informations :)

Basically you have the traffic from the Internet to your machine and from your machine to the Internet. You want to block the traffic from the Internet to your machine, because the hackers and virus are on the Internet and hopefully not on your machine :)

Even if you are not blocking the traffic from the Internet to your machine, you should be safe if you aren't running any servers (daemons) on your machine. That seems to be the case. Knoppix is meant to be a desktop Linux and thus it does not install lots of servers (daemons). That's why you probably don't have the 80 port open, because you haven't installed or loaded any http server like apache. Once a server is loaded it will listen to one or more ports, thus openning those ports.

To setup a firewall can be a bit complicated, so you are recommended to follow the instructions carefully. Some people around here like shorewall and I recommend it too. But first take a look at their site: www.shorewall.net especifically at this quick tutorial: http://www.shorewall.net/standalone.htm

To install it use apt-get install shorewall .

Consider if you really need a firewall :)

I was wondering how to close some ports on my box! I dont have a firewall so I figured it would be a good idea. also I am directly connected to the net, no server or anything. Is there a simple command like close port 21, or is it more difficult than that? I ran nmap and it says port 80 is closed how can this be when I am writing this online now? any advise would be appreciated. thanks

The easiest method apt-get remove --purge name_of_whatever_ftp_server_is_running no server no open port. You can get online because you are being served the pages not serving them up therefore no web server running on port 80. If you want to scan your computer from the internet to see what is open the Sheild's up (https://grc.com/x/ne.dll?bh0bkyd2) tools can do the job. Some other firewalls you may want to consider they are all available with apt-get.


http://www.simonzone.com/software/guarddog/
http://firestarter.sourceforge.net/
http://www.bastille-linux.org/

Or if you want to roll your own.

http://morizot.net/firewall/gen/
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

thanks stephen and dewd, you helped alot my system is almost secure I just have one more issue, when I run nmap it still says alot of ports are open but when I use the shields up that you suggested it says that they are all stealthed except port 67 which is open and port 68 wich is closed. 67 is bootstrap protocol server, 68 is bootstrap protocol client. I can't find any info on how to stealth them so if you could point me in the rite direction I would be greatful. thanks