Disable port programmatically

Started by peterwkc, July 11, 2022, 07:34:40 AM

Dear all,
I want to disable ports above 1024. I am using the sysctl "last port" setting, but it seems not to be working. Any other approach?

Thanks. Please help.

Anyone please help me as I'm stuck with this issue. Please help. Thanks.

Please don't spam. There is an API firewall plugin (os-firewall) you can use. Since you wrote what you want but not how you want to achieve it (locally, remotely, cron, etc.), the likelihood of someone helping you is slim.

Cheers,
Franco

I want to disable the port locally via a sysctl tunable or the system kernel.

What precisely do you mean by "disable port"? You want to prevent the firewall from using it? You want to block it for internal systems to connect to? You want to ...?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

July 19, 2022, 03:14:15 AM #7 Last Edit: July 19, 2022, 03:24:30 AM by peterwkc
I want to completely disable ports above 1024 in terms of firewall or service usage, so that no one can hack into my system. I tried the sysctl "last port" tunable; it seems the firewall still generates block rules for ports above 1024.

July 19, 2022, 07:22:33 AM #8 Last Edit: July 19, 2022, 09:14:32 AM by pmhausen
This does not make sense. Every system uses ports >1024 for outgoing connections. There is no way to disable that other than not to have outgoing connections at all. Which would render your network useless.

The firewall blocks everything from WAN that is not explicitly permitted. If you see a block rule engaging for a high port, that means somebody tried to connect but could not. That means the firewall is doing its job. Additionally there are no public services listening on these high ports, anyway. At least not by default.

Whenever your desktop system accesses a web page it connects to port 80 or 443 of a web server. It needs a local port for that. So it picks a random free one above 1024. That's how it's supposed to work. A system on the internet cannot connect back to that port.

You cannot get "hacked" over a port that is blocked and then not even used by a service. You cannot prevent systems on the Internet throwing packets with arbitrary port numbers at you. That's why you have a firewall.

Please read some fundamental material on TCP/IP.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
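As an added illustration of the point made above (not code from this thread or from OPNsense), the script below opens one loopback TCP connection and reports the local port the client side was given. It also reads the ephemeral range the OS hands those ports out from: on FreeBSD, which OPNsense runs on, that is the `net.inet.ip.portrange.first`/`last` sysctl pair the original poster was adjusting; on Linux it is `/proc/sys/net/ipv4/ip_local_port_range`. The server port 0 (let the OS choose) and the loopback address are assumptions for a self-contained run.

```python
import socket
import subprocess
import sys
from pathlib import Path


def ephemeral_port_range():
    """Return (first, last) of the OS ephemeral port range, or None if unknown.

    FreeBSD exposes it as net.inet.ip.portrange.first/last; Linux via /proc.
    Shrinking this range only changes which high ports outgoing connections
    use; it does not stop anything on the Internet from addressing them.
    """
    if sys.platform.startswith("freebsd"):
        out = subprocess.run(
            ["sysctl", "-n", "net.inet.ip.portrange.first", "net.inet.ip.portrange.last"],
            capture_output=True, text=True, check=False,
        ).stdout.split()
        if len(out) == 2:
            return int(out[0]), int(out[1])
    proc_path = Path("/proc/sys/net/ipv4/ip_local_port_range")
    if proc_path.exists():
        first, last = proc_path.read_text().split()
        return int(first), int(last)
    return None


def observe_outgoing_connection(server_port=0):
    """Make one loopback TCP connection and report the ports involved.

    The listener plays the 'web server' (port 80/443 in the thread); the
    connecting socket plays the desktop. The client never asks for a port:
    the kernel assigns a free one from the ephemeral range, which is why
    outgoing traffic cannot work if every port above 1024 is 'disabled'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", server_port))  # assumed: loopback only
        srv.listen(1)
        srv_port = srv.getsockname()[1]
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.connect(("127.0.0.1", srv_port))
            client_port = cli.getsockname()[1]
            conn, peer = srv.accept()
            conn.close()
    return {"server_port": srv_port, "client_local_port": client_port,
            "peer_port_seen_by_server": peer[1]}


if __name__ == "__main__":
    print("ephemeral range:", ephemeral_port_range())
    print(observe_outgoing_connection())
```

Run it a few times: the client's local port changes on every connection and always lies inside the reported range, while the server's listening port is the only one a remote peer can actually connect to.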

Here's a free TCP/IP guide that talks about the basics of needing ports to communicate.

http://www.tcpipguide.com/free/index.htm