Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Disable port programmatically
« previous
next »
Print
Pages: [
1
]
Author
Topic: Disable port programmatically (Read 2294 times)
peterwkc
Full Member
Posts: 112
Karma: 0
Disable port programmatically
«
on:
July 11, 2022, 07:34:40 am »
Dear all,
i want to disable port above 1024. I using sysctl last port but it seems not working. Any other approach?
Thanks. Please help.
Logged
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Disable port programmatically
«
Reply #1 on:
July 11, 2022, 02:36:29 pm »
Anyone please help me as I'm stuck with this issue. Please help. Thanks.
Logged
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Disable port programmatically
«
Reply #2 on:
July 13, 2022, 12:18:58 am »
Anyone please help me as I'm stuck with this issue. Please help. Thanks.
Logged
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Disable port programmatically
«
Reply #3 on:
July 14, 2022, 08:43:21 am »
Anyone please help me as I'm stuck with this issue. Please help. Thanks.
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: Disable port programmatically
«
Reply #4 on:
July 14, 2022, 08:59:58 am »
Please don't spam. There is an API firewall plugin (os-firewall) you can use. Since you wrote what you want but not how you want to achieve it: locally, remotely, cron, etc. the likelihood of someone helping you is slim.
Cheers,
Franco
Logged
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Disable port programmatically
«
Reply #5 on:
July 15, 2022, 04:12:02 am »
I want to disable port locally via sysctl tunnable or system kernel.
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Disable port programmatically
«
Reply #6 on:
July 15, 2022, 08:52:38 am »
What precisely do you mean by "disable port"? You want to prevent the firewall from using it? You want to block it for internal systems to connect to? You want to ...?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
peterwkc
Full Member
Posts: 112
Karma: 0
Re: Disable port programmatically
«
Reply #7 on:
July 19, 2022, 03:14:15 am »
I want to completely disable port above 1024 in terms of firewall or services usage. So that, no one can hack into my system. I tried with sysctl tunnable last port, it seem firewall still generate block rules from port above 1024.
«
Last Edit: July 19, 2022, 03:24:30 am by peterwkc
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Disable port programmatically
«
Reply #8 on:
July 19, 2022, 07:22:33 am »
This does not make sense. Every system uses ports >1024 for outgoing connections. There is no way to disable that other than not to have outgoing connections at all. Which would render your network useless.
The firewall blocks everything from WAN that is not explicitly permitted. If you see a block rule engaging for a high port, that means somebody tried to connect but could not. That means the firewall is doing its job. Additionally there are no public services listening on these high ports, anyway. At least not by default.
Whenever your desktop system accesses a web page it connects to port 80 or 443 of a web server. It needs a local port for that. So it picks a random free one above 1024. That's how it's supposed to work. A system on the internet cannot connect back to that port.
You cannot get "hacked" over a port that is blocked and then not even used by a service. You cannot prevent systems on the Internet throwing packets with arbitrary port numbers at you. That's why you have a firewall.
Pleade read some fundamental material on TCP/IP.
«
Last Edit: July 19, 2022, 09:14:32 am by pmhausen
»
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Disable port programmatically
«
Reply #9 on:
July 19, 2022, 06:50:01 pm »
Here's a free TCP/IP guide that talks about the basics of needing ports to communicate.
http://www.tcpipguide.com/free/index.htm
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Disable port programmatically