1. Add/Disable ports
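Edit the firewall rules file:
vim /etc/sysconfig/iptables
Add a rule that drops TCP traffic to the port (replace <port> with the port number):
iptables -A INPUT -p tcp --dport <port> -j DROP
Note: inside /etc/sysconfig/iptables the rule is written without the leading "iptables" (-A INPUT -p tcp --dport <port> -j DROP) and must appear before the COMMIT line. Because -A appends to the end of the chain, an earlier ACCEPT rule that matches the same traffic takes effect first.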
Restart the service so the new rules are loaded:
/etc/init.d/iptables restart
2. View open ports
netstat -nupl (UDP type port)
netstat -ntpl (TCP type port)
a: show all sockets (listening and non-listening)
n: show numeric addresses and ports (no DNS lookups)
t: TCP sockets
u: UDP sockets
p: show the PID and name of the program that owns each socket
l: show only listening sockets
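netstat -ntpl | grep 3306
This finds the process that is listening on TCP port 3306. In the Local Address column, 0.0.0.0 means the service accepts connections on every interface, while 127.0.0.1 means it is reachable only from the local host.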
[root@home ~]# netstat -ntpl | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 25302/mysqld
[root@home ~]# netstat -nupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 172.18.1.143:123 0.0.0.0:* 1526/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 1526/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 1526/ntpd
[root@home ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6369 0.0.0.0:* LISTEN 3284/beam.smp
tcp 0 0 0.0.0.0:18083 0.0.0.0:* LISTEN 3284/beam.smp
tcp 0 0 127.0.0.1:8743 0.0.0.0:* LISTEN 26488/java
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 19651/sendmail
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 24538/nginx