[CentOS] nmap showing lots of ports open that shouldn't be

Mon Feb 13 08:21:57 UTC 2006
Will McDonald <wmcdonald at gmail.com>

On 12/02/06, Jim Bassett <jim at datamantic.com> wrote:
> What is the canonical way to get a list of all open ports from the
> command line? Or maybe it's not so straightforward?

$ netstat -ln

Though netstat -a | grep LISTEN should give the same result, I'd have thought.

> Someone else suggested running netstat -a | grep LISTEN, and that
> indeed shows only services I would expect.
> I understand that iptables is very powerful, and therefore not the
> easiest tool to use. But I would guess that the setup I want is
> pretty standard. I've found a bunch of info in Google and I am
> digging in, but are there some iptables cookbook-type recipes for a
> basic web/mail/dns server anyone could point me to?

The O'Reilly Linux Server Security book covers firewalling in quite an
easy-to-understand fashion and there's a decent bastion host firewall
script which is well commented...
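
Added example, not part of the original thread: a small shell filter that reads `netstat -ln` output and reports TCP/UDP listeners that are bound to a non-loopback address and are not on a list of expected ports. The function names, the sample output and the port list (22 25 53 80) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag network-reachable listeners that are not on an expected list.

# Constructed sample of `netstat -ln` output (net-tools layout), not from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     4567   /tmp/.font-unix/fs7100
EOF
}

# Usage: netstat -ln | unexpected_listeners PORT...
# Prints "proto address port" for each listener outside the expected ports.
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only inet sockets; this skips the headers and the UNIX-socket section.
        $1 ~ /^(tcp|udp)6?$/ {
            la = $4                              # Local Address column
            port = la; sub(/^.*:/, "", port)     # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # Loopback-only listeners are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "::1") next
            if (!(port in ok)) print $1, addr, port
        }
    ' | sort -u
}

# Demo on the constructed sample, expecting SSH, SMTP, DNS and HTTP only.
sample_netstat | unexpected_listeners 22 25 53 80
```

On a live host, feed it real output instead of the sample: `netstat -ln | unexpected_listeners 22 25 53 80`.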