In UFW, how can I mitigate the danger of exposing needed port 53?
by liquidglass from LinuxQuestions.org on (#5KG4V)
I am right now trying to secure my system as best I can using UFW. (I might end up using iptables eventually, I guess.)
Right now it looks like this:
netstat -tupln
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:*
I know this is terrible (631 is totally unnecessary - I don't even need it), having both local and foreign ports at 0.0.0.0. I need to change this ASAP, but how? I need UDP 53 for DHCP. From what I understand, those assigned ports can't be forwarded to another port, is that right?
(And as far as 631 and other print services, do I disable them in a text editor? This may be for another post, sorry.)
Thanks.
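An added example, not part of the original post: a shell function that reads netstat -tupln lines and labels each socket by the address it is bound to (field 4, the local address), run here on the five lines quoted in the post. The function names classify_listeners and sample_listeners are hypothetical.

```shell
#!/bin/sh
# Classify sockets from `netstat -tupln`-style lines by bind scope.
# Field 4 is the local address. For listening sockets, the foreign address
# column (field 5) is always a wildcard such as 0.0.0.0:* and says nothing
# about exposure; only the local address matters.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        laddr = $4
        n = split(laddr, parts, ":")
        port = parts[n]                      # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"          # reachable from this host only
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"         # reachable on every interface
        else
            scope = "single-address"         # bound to one specific address
        print $1, port, scope
    }'
}

# Sample input: the five lines from the post, embedded so this runs offline.
sample_listeners() {
    cat <<'EOF'
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:*
EOF
}

sample_listeners | classify_listeners
```

Sockets labelled loopback-only cannot be reached from other hosts, whatever the firewall rules say; the all-interfaces entries are the ones a UFW rule set has to cover.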