Just want to add, once you add one rule, you have closed the server to everything else. First rule to add should be to allow all traffic.
Then you start adding rules to allow just the traffic you want above the allow all rule.
You can then monitor the allow all rule to see what is going through and add rules to anything you want to allow.
Once you are satisfied that the remaining traffic, if any, you want to block, you delete the allow all rule.
But if you can, put the server behind an internal firewall. This will isolate the server from the clients and you only allow into this new secure zone the client traffic necessary.
I learned the hard way by adding a single rule and stopping all other traffic. Ouch!
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Friday, June 24, 2016 10:01 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: Implementing Port Restrictions
"closing a port" sounds more like something you'd do on a firewall.
In other words, FTP might be usable inside your network, but you don't want
to allow FTP from external to internal so you'd close port 21 on the
firewall. But in this day and age, your firewall should start out with
everything closed and you'd only "open" the ports you need.
"Closing a port" on a server simply doesn't make sense. If for instance
you don't want to allow FTP to a server, simply make sure that you're not
running an FTP server service on that server.
If there's nothing listing on port 21, then there's nothing to "close"
From a server perspective, you don't close ports. You simply make sure
you're not running any services you don't need.
The only other thing would be to restrict for example, port 21 traffic and
only accept it from certain internal IP address.
Charles
midrange.com
