ports and protocols

1. disable all INPUTFORWARDOUTPUT to open only some ports. The following is the command implementation: iptables-PINPUTDROPiptables-PFORWARDDROPiptables-POUTPUTDROP and then use the command iptables-L-n to check whether the settings are correct. you can see that all the settings have been dropped. 1. disable all input forward output and only open it to some ports.The following is a command implementation: Iptables-P INPUT DROPIptables-P FORWARD DROPIp

input 2Delete the rule with INPUT Chain number 2. Click iptables-L-n to check whether it has been cleared.5. Filter invalid data packetsAssume that someone enters the server or has a virus Trojan program, it can transmit data outside the server through port.This method is different from the normal access to port 22 and 80. The data it sends to the external server is not sent by visiting the webpage.The response packet. We will disable all the packets that are not responded through the request a

--0.0.0.0/0 0.0.0.0/0 TCP spt:22Now the Linux server only opened 22 ports, with Putty.exe test whether you can link up.Can be linked up, stating that there is no problem.Finally, don't forget to save your firewall settingsSave by Command: Service iptables saveIptables-a input-p TCP--dport 22-j ACCEPTIptables-a output-p TCP--sport 22-j ACCEPTDo some explaining to these 2 commands.The-a parameter is considered a rule to add an INPUT

The SELinux security control of Linux is used for ports in addition to the file system, which enables processes that are started as services to be monitored only on a specified number of ports. For the narrative convenience we call the controlled port.Nginx Monitor PortTo see which managed ports are currently executable:grep ' ^http_port_t ' http_port_t

1. disable all INPUTFORWARDOUTPUT to open only some ports. The following is the command implementation: iptables-PINPUTDROPiptables-PFORWARDDROPiptables-POUTPUTDROP and then use the command iptables-L-n to check whether the settings are correct. then, we can see that all the settings have been dropped, 1. disable all input forward output and only open it to some ports. The following is a command implementat

CentOS commands for viewing IP addresses, modifying IP addresses on ports, and activating ports You know, you get used to ipconfig in windows, and it is a lot of trouble to view IP addresses in CentOS; The information collected today focuses on IP port problems: View IPIfconfig eth0 → view the IP address, but the output information is moreIfconfig | grep 'bcast' → the output information should be much cle

software cannot find it. Please confirm the server first.Whether you are open and necessary. If not, disable it. Close port 4899:Enter cmd (command below 98) in start --> run, and then cd C: winntsystem32 (your systemEnter r_server.exe/stop and press Enter.Then input r_server/uninstall/silence To C: winntsystem32(system Directory], delete three files: r_server.exe admdll. dll radbrv. dll. Port: 1. First, use the fport command to determine the location of the program listening on

From:http://www.myhack58.com/article/sort099/sort0102/2011/31781.htm1. Close all INPUT FORWARD OUTPUT only for certain ports.Here is the command implementation:Iptables-p INPUT DROPIptables-p FORWARD DROPIptables-p OUTPUT DROPThen use the command iptables-l-N to see if it's set up, good-looking to all DROPSuch a setup, we are only temporary, restart the server or will restore the original not set the stateand save with service Iptables saveSee information firewall rules Firewall rule is actually

port number you found in the previous step, or you can use the taskkill/pid PID command to kill the process. {taskkill/pid + the process number you want to kill}Use TASKLIST/FI "pid eq 5764" command to view process number corresponding to process informationTomcat Port Occupancy workaroundIf the front-end port is not occupied and is later occupied, you can go to the D:\tomcat-5.5.26\bin to execute shutdown.bat, so that the occupied port is releasedNTSD cannot kill the process: only System,SMSS.

Query port number 80 to open: Firewall-cmd --query-port = the / TCPpermanently open 80 Port number: firewall-cmd--permanent--zone=public --add-port = the / TCPRemoving the 80 port number:firewall-cmd--permanent--zone=public --remove-port= TCP--zone #作用域 --add-port=80/tcp #添加端口 in the format: port/Communication protocol --permanent #永久生效, no failure after this parameter is restarted View firewall StatusSystemctlStatusFirewalld.serviceStart | Close | Restart FirewallSystemctl[ start|

Sometimes we have Tomcat installed on the service Linux server (port number 8080), and the company's requirement is to enter the URL without adding a port number to access it, which means that the browser has to access your Tomcat (port 8080) via port 80, for which there are two solutions: 1. The Linux system prohibits 10,241 ports from being used by non-root users, then you must log on with root to start Tomcat modified to port 80 (note: directly in

Python scans server ports in batches, and python scans server ports in batches. I wrote a simple Port Scan script in Python. The simple logic is as follows: 1. python DetectHostPort. py iplist.txt (stores the text of the IP address list to be scanned, one address per line) 2. Enter the scan port, scan time, and scan interval. 3. Output scan information. The source code is pasted below. You are welcome to m

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/46/4F/wKiom1PxtLuT8uDNAA7b5gUf4EM726.bmp "title=" Three layer switch different VLAN interworking. bmp "alt=" Wkiom1pxtlut8udnaa7b5guf4em726.bmp "/> Purpose: Two three-layer switches hang different VLANs for interoperability, all ports are access portsAfter the configuration is complete, 10.86.3.50 can ping any networked IP that resides on the device.LSW4 configuration:#sysname Huawei#VLAN Batc

Step one, Windows view all portsClick Start in the lower left corner of the computer, then select the Run option, and then in the popup window, enter the "cmd" command to make the command prompt. Then we enter "Netstat-ano" in the window and press ENTER, which will show all the port usage. ：Step two, query the specified port occupancyIn the window, continue to enter the "Netstat-aon|findstr" Prompt Port "", for example, the prompt port is 9088, then the input command is "NETSTAT-AON|FINDSTR" 908

[password]]][/M [module] |/svc |/v] [/FI Filter] [/FO format] [/NH]Describe:This tool displays a list of processes currently running on a local or remote machine.Parameter list:/S system Specifies the remote system to which the connection is connected./u [domain\]user Specifies the user context in which the command should be executed./p [Password] specifies the password for the provided user context. If omitted, promptInput./M [Module] lists all tasks that currently use the given Exe/dll name.I

The firewall sets open ports for external use, and the Firewall opens ports for external use. When deploying the project today, I met another person in the project team who reorganized iis on the server. As a result, I couldn't access the subordinate project externally and found the setting method through some channels. The following error is reported: The reason is that the "Inbound ICMP rule" has bee

Linux open ports, linux open ports In Linux, the server cannot be connected when software access is installed. In this case, check whether the corresponding port is enabled. For example, after svn is installed, unable to connect: When the svn service is started, you Can use commands on the server to check out the files, but the files cannot be checked out on other computers. The following prompt is displaye

You know that ipconfig is used to in windows, and it is a lot of trouble to view IP addresses in CentOS. The information collected today focuses on IP port problems: View IPifconfigeth0 rarr; check the IP address, but the output information is more ifconfig | grep #39; Bcast #39; rarr; the output information should be clear and the IP address should be modified. You know, you get used to ipconfig in windows, and it is a lot of trouble to view IP addresses in CentOS; The information collected

Edit/etc/sysconfig/iptables, add- s 127.0.0.1 --dport 6379-J Accept-s 126.212.173.185 --dport 6379-j ACCEPTThe above add red place is only to the local and 126.212.173.185 open 6379 port, other IP with Telnet is not connected,If there is no limit to access IP, you do not need to add the- s IP address , for example-A input-m state--state new-m tcp-p TCP--dport 6379-j ACCEPTYes, be sure to add it at the end-A input-j REJECT--reject-with icmp-host-prohibited-A forward-j REJECT --reject-with icmp-ho

For details about how to identify the extended serial port-Linux general technology-Linux technology and application information when installing centos on a multi-serial motherboard, refer to the following section. I bought a multi-serial control board with Intel Atom D525 CPU. It is estimated that multiple serial ports are extended through the PCI-e bus. After CentOS is installed, you cannot identify the extended serial port automatically. How can th