closing afpovertcp port
Hello,

I notice that when I have netatalk running, the afpovertcp port is open but since I only netatalk to network with MOL, I'd like to close the port to the outside world. I've tried looking in the usual places to do this, but can't figure out how to close the port. Any ideas?

Thanks
Joss
--
On 11.04.2002 (d-m-y), Joss Winn wrote:
> Hello, I notice that when I have netatalk running, the afpovertcp port is open but since I only netatalk to network with MOL, I'd like to close the port to the outside world.
> I've tried looking in the usual places to do this, but can't figure out how to close the port. Any ideas?
Well, it depends on which kernel you are running, but you can close the AFPoverTCP port (548) by applying a special filter rule that makes your system "drop" incoming connections on port 548. If your system is running a 2.2 series kernel you have to use the "ipchains" command; in case of kernel 2.4.x you should have a look at "iptables". Both of them can be used to apply very powerful filtering rules to "secure" your system.

hth,
Christian
--
Christian Schmidt schmidtc@chemie.uni-hamburg.de
Sorry for replying to Christian's response, missed the original message.

* Christian Schmidt (christian.schmidt@chemie.uni-hamburg.de) [020411 11:53]:
> If your system is running a 2.2 series kernel you have to use the "ipchains" command; in case of kernel 2.4.x you should have a look at "iptables".
You'll want something like the following if you don't already have any rules with chains:

    ipchains -I input -y --proto tcp -s 0.0.0.0/0.0.0.0 \
        -d {ip of external interface} 548 -j DENY

Access through the loopback interface will still be allowed. You'll probably need to load the ipchains module (echo "/sbin/insmod ipchains" >> /etc/init.d/boot.local && insmod ipchains). You may also want to look at the SuSEfirewall script which makes it very easy to set up a nice packet filter.

--
-ckm
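
The filter rule discussed in this thread, as an added example that is not part of any poster's message: a shell helper that picks ipchains or iptables from the kernel release and prints the rule blocking new inbound connections to port 548. The function names, the print-only design and the sample address 192.0.2.10 are assumptions; the iptables line is the usual equivalent of the posted ipchains rule, and treating kernels later than 2.4 as iptables goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the rule that
# drops new inbound TCP connections to the AFP-over-TCP port on one address.
AFP_PORT=548

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can end up inside the generated command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# afp_block_rule KERNEL_RELEASE EXT_IP (hypothetical helper)
afp_block_rule() {
    release=$1
    ext_ip=$2
    valid_ipv4 "$ext_ip" || { echo "bad address: $ext_ip" >&2; return 2; }
    case "$release" in
        2.2.*)   # ipchains rule as posted in the thread; -y matches SYN
            echo "ipchains -I input -y --proto tcp -s 0.0.0.0/0.0.0.0 -d $ext_ip $AFP_PORT -j DENY" ;;
        2.4.*|2.6.*|[3-9].*)   # iptables; later-than-2.4 is an assumption here
            echo "iptables -I INPUT -p tcp --syn -d $ext_ip --dport $AFP_PORT -j DROP" ;;
        *)
            echo "no rule known for kernel $release" >&2; return 3 ;;
    esac
}

# Usage: sh afp-rule.sh "$(uname -r)" 192.0.2.10   (address is a constructed sample)
if [ "$#" -eq 2 ]; then
    afp_block_rule "$1" "$2"
fi
```

Review the printed command before running it as root; both rules match only connection-opening (SYN) packets addressed to the given external IP, so loopback access to afpd is unaffected.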
participants (3)
- Christian Schmidt
- Christopher Mahmood
- Joss Winn