On 12/02/06, Jim Bassett <jim at datamantic.com> wrote:
> What is the canonical way to get a list of all open ports from the
> command line? Or maybe it's not so straightforward?

$ netstat -ln

Though netstat -a | grep LISTEN should give the same result I'd have thought.

> Someone else suggested running netstat -a | grep LISTEN, and that
> indeed shows only services I would expect.
>
> I understand that iptables is very powerful, and therefore not the
> easiest tool to use. But I would guess that the setup I want is
> pretty standard. I've found a bunch of info in google and I am
> digging in, but are there some iptables cookbook type recipes for a
> basic web/mail/dns server anyone could point me to?

The O'Reilly Linux Server Security book covers firewalling in quite an
easy to understand fashion and there's a decent bastion host firewall
script which is well commented...

http://examples.oreilly.com/linuxss2/

Will.
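
Added example (not part of the original message): a filter over `netstat -ln` output that keeps the TCP and UDP listeners bound to non-loopback addresses, which are the ones the iptables rules need to cover. The sample output and the function names are constructed for illustration; UDP sockets carry no LISTEN state, so the filter keys on the protocol column rather than on that word.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Constructed `netstat -ln` output for a hypothetical web/mail/DNS host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/example.sock
EOF
}

# Print "proto/port bind-address" for every TCP/UDP listener that is not
# bound to loopback. UNIX domain sockets are skipped: they are not reachable
# over the network even though their state column contains "LISTENING".
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows must be in LISTEN; UDP rows have an empty state column.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        # The port is whatever follows the last colon of the local address,
        # which also handles IPv6 forms such as ":::25".
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback-only services are not exposed to other hosts.
        if (addr ~ /^127\./ || addr == "::1") next
        print $1 "/" port " " addr
    }'
}

# On a live system: netstat -ln | exposed_listeners
sample_netstat | exposed_listeners
```

Each line of output is a candidate for an explicit allow rule; anything listed that is not meant to be public is a service to rebind to loopback or shut down.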