1 Check the currently open ports
#netstat -an
Suppose you find that port 631 is open and not needed.
2 Find the service that owns the port
#lsof -i :631
The service listening on port 631 is cupsd.
3 View all current services
#chkconfig --list
This shows that the service name for cupsd is cups.
4 Stop the service
#/sbin/service cups stop
5 Disable automatic start of the service
If cups is started automatically with the server, you will also need to set the cups service to off.
#/sbin/chkconfig cups off
6. Close a port
1) Block the port with the iptables tool, for example:
"~$ sudo iptables -A INPUT -p tcp --dport $PORT -j DROP"
"~$ sudo iptables -A OUTPUT -p tcp --dport $PORT -j DROP"
2) Or stop the corresponding application; the port then closes on its own, for example:
"~$ kill -9 pid" (pid: the process ID)
For example, run "~$ netstat -anp | grep ssh"
Output: tcp 0 127.0.0.1:2121 0.0.0.0:* LISTEN 7546/ssh
Then: "~$ kill -9 7546"
(You can view which system services are enabled with "~$ chkconfig")
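The check from steps 1 and 2 done in one pass, as an added example that is not part of the original page: it reads "netstat -anp" output and lists every listening socket whose port is not on an allowlist, together with the owning PID/program. The function names, the allowlist (22 and 2121) and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets against an allowlist of ports.
# Reads "netstat -anp" style output on stdin; the allowed ports are the arguments.

unexpected_listeners() {
    awk -v allowed=" $* " '
        # TCP listeners have LISTEN in column 6; PID/program is column 7.
        $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4, $7) }
        # UDP sockets have no state column; an unconnected one has a wildcard peer.
        $1 ~ /^udp/ && $5 ~ /:\*$/    { report($1, $4, $6) }

        function report(proto, laddr, owner,    n, parts, port) {
            # The port is the text after the last colon, which covers both
            # 0.0.0.0:631 and the IPv6 form :::631.
            n = split(laddr, parts, ":")
            port = parts[n]
            if (index(allowed, " " port " ") == 0)
                printf "%s %s %s\n", proto, port, (owner == "" ? "-" : owner)
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1020/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1533/cupsd
tcp        0      0 127.0.0.1:2121          0.0.0.0:*               LISTEN      7546/ssh
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED 2210/sshd
tcp6       0      0 :::631                  :::*                    LISTEN      1533/cupsd
udp        0      0 0.0.0.0:631             0.0.0.0:*                           1533/cupsd
EOF
}

# Stand-alone run: ports 22 and 2121 are the assumed allowlist.
sample_netstat | unexpected_listeners 22 2121
```

On a live host, replace sample_netstat with "netstat -anp" run as root so that the PID/program column is filled in for every socket.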
7. Open a port
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
8. Open non-contiguous ports (including a single port):
iptables -A INPUT -p tcp -m multiport --dport 21,20 -j ACCEPT
Close all others:
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
Open a contiguous range of ports:
iptables -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 8001:8140 -j ACCEPT
You can also edit /etc/sysconfig/iptables directly; for the syntax, refer to the entries for ports that are already open, or write the rules following the commands above.
Restart iptables
service iptables restart