[H-GEN] Firewall configuration on a remote machine

Stephen Thorne stephen at thorne.id.au
Wed Feb 9 01:00:04 EST 2011

On 2011-02-09, gavin duley wrote:
> On 9 Feb 2011, at 13:18, Stephen Thorne wrote:
> > On 2011-02-09, gavin duley wrote:
> >> Should I be as paranoid as I am about installing shorewall on a remote
> >> system?  If I should avoid shorewall, what are my other options?
> >> (other than learning iptables).
> > 
> > Your best option:
> > 
> > Run exactly zero non-essential services listening for connections on
> > ips other than or ::1.
> This is more-or-less what I've been doing so far. Having a quick look
> with netstat, I can see one or two services I don't recognise,
> probably things that Debian "helpfully" installed for me. 
> Any suggestions as to where I could look them up to see what they are,
> and therefore how to disable them? I could post them to the list, but
> that might turn out to be publicly listing vulnerabilities on my
> server. This would seem to be a bad idea.

netstat -tunpl

Program name is the rightmost column, if you're looking at ipv6, ::: is
public, ::1 is localhost, 

Stephen Thorne
Development Engineer
Netbox Blue

More information about the General mailing list