2

I am using Linux Mint. Someone is trying to access my computer via my MAC Address and open port. I have some questions:

  1. I know that there are different types of ports, like TCP and UDP. Should I close ALL (TCP and UDP, ...) the open (listening) ports to keep my computer safe from hacking?

  2. How to close a port, if it is required?

Rui F Ribeiro
user42037
  • Very broad question, but typically you would want to use something like ufw for a "user friendly" firewall. Keep in mind however, that no solution is 100% so you would be better to remove your computer from the suspect network. – coteyr Apr 11 '15 at 13:48
  • Thank you for your response. As I mentioned, I want to know whether I should close all the open ports. I worry that if I close an inappropriate port, it will cause problems for my system. – user42037 Apr 11 '15 at 16:01
  • Usually Deny first is the way to go. https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server – coteyr Apr 11 '15 at 16:27

1 Answer

2

In principle, having open ports isn't a problem: all services that listen on network ports should require authentication. However, it's a good idea to block incoming connections that you don't need, in case you run a service that isn't set up properly, or you have an account with a weak password.

The low-level command to set up port blocking on Linux is iptables. There's a tutorial on the Ubuntu wiki. Here's an example usage which blocks all incoming connections except SSH, and allows all outgoing connections as well as connections using the network stack to communicate within the machine itself (which goes via the loopback interface).

#!/bin/sh
# Remove all existing input rules
iptables -F INPUT
# Accept all loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Accept incoming packets on outgoing connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept incoming SSH connections
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
# Reject everything else
iptables -A INPUT -j REJECT

If you want to use these rules, put them in a file like /etc/init.d/local_firewall, make it executable, and arrange for it to be executed at boot time. How to do that depends on the init system which in turn depends on the version of Mint.

Instead of using the low-level tool, you can use higher-level tools such as ufw (“uncomplicated firewall”). I'm not familiar with its syntax; here's a tutorial; it also has a GUI.

Gilles 'SO- stop being evil'
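Before deciding what to block, it helps to see which listening sockets are reachable from the network at all. The following is an added example, not part of the answer above: it parses the output of `ss -H -tuln` and marks each listener as loopback-only or exposed. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify listening sockets from `ss -H -tuln` output read on stdin.
# Prints "proto port scope": scope is "local" when the socket is bound
# to a loopback address, "exposed" when it accepts network traffic.
classify_listeners() {
    awk '
    {
        proto = $1
        addr = $5                      # "Local Address:Port" column
        # Split at the LAST colon, because IPv6 addresses contain colons
        n = match(addr, /:[^:]*$/)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        sub(/%.*$/, "", host)          # drop interface suffix such as %lo
        sub(/^\[/, "", host)           # drop IPv6 brackets
        sub(/\]$/, "", host)
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        print proto, port, scope
    }'
}

# Constructed sample of `ss -H -tuln` output so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5          127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      5              [::1]:631           [::]:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Show the classification for the sample. On a real machine, run:
#   ss -H -tuln | classify_listeners
sample_ss_output | classify_listeners
```

Only the lines marked `exposed` are decided by the INPUT rules; with the answer's rule set, port 22/tcp would stay reachable and the other exposed listeners would be rejected.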