http://blog.csdn.net/wudiyi815/article/details/7473097
Premise: First, you must know that a port does not exist independently; it is attached to a process. When a process starts, its port is opened. When the process stops, the port is closed. The next time the process starts, the port is opened again. So do not think of it as simply closing a port, although you can block one.
1. You can use "~$ netstat -anp" to check which ports are open.
(Note: adding the '-n' parameter makes netstat show services as port numbers, that is, addresses in numeric format, such as nfs -> 2049, ftp -> 21. You can therefore open two terminals, one with '-n' and one without, and match each program to its port number one by one.)
2. Then you can use "~$ lsof -i:$port" to view the program that is using this port ($port is the corresponding port number). You can also look in the /etc/services file to find the service that corresponds to the port.
(Note: Some ports cannot be found through netstat. The more reliable method is "~$ sudo nmap -sT -O localhost".)
3. To disable a port, you can:
1) Block the port through iptables, for example:
"~$ sudo iptables -A INPUT -p tcp --dport $port -j DROP"
"~$ sudo iptables -A OUTPUT -p tcp --dport $port -j DROP"
2) Or shut down the corresponding application, which closes the port, for example:
"~$ kill -9 PID" (PID: process ID)
For example: "~$ netstat -anp | grep ssh"
Displayed: tcp 0 127.0.0.1:2121 0.0.0.0:* LISTEN 7546/ssh
Then: "~$ kill -9 7546"
(You can use "~$ chkconfig" to view the activation status of system services.)
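
The lookup in steps 1 and 2, written as shell functions that turn "netstat -anp" output into port, PID, program and bind address, and that list the listeners reachable from other hosts. This is an added example, not part of the original post; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP ports to the owning PID/program
# by parsing `netstat -anp` output.

# Constructed sample in the layout netstat -anp prints (not from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:2121          0.0.0.0:*               LISTEN      7546/ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED 9001/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1033/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

# listeners: read netstat -anp text on stdin and print
# "port pid program bind-address" for every TCP socket in LISTEN state.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]     # last ":" field, so IPv6 works too
        addr = substr($4, 1, length($4) - length(port) - 1)
        split($7, p, "/")                      # PID/Program name ("-" if not root)
        print port, p[1], p[2], addr
    }'
}

# pid_for_port PORT: PID(s) listening on PORT, one per line.
pid_for_port() {
    listeners | awk -v want="$1" '$1 == want { print $2 }'
}

# exposed: listeners not bound to loopback, i.e. reachable from other hosts.
exposed() {
    listeners | awk '$4 != "127.0.0.1" && $4 != "::1" { print $1 "/" $3 }'
}

# Live use (root is needed to see PIDs owned by other users):
#   sudo netstat -anp | listeners
#   sudo netstat -anp | pid_for_port 2121
```

In the sample, port 2121 is bound to 127.0.0.1 only, so it is already unreachable from other hosts; the entries printed by "exposed" are the ones to review first.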