How to deny access to unsecure ports in the network services or firewall settings?

Support
1

Hi again,
I am migrating from opensuse to nethserver. Actual I am working on migrating my firewall settings.
I have seen that you can do some settings at the network services tab. But there you can only allow or deny dovecot with all ports(110,143,4190,993,995). Same thing with HTTP. I want to allow only secure ports.

I tested with creating a firewall rule with deny on port 110, but that didn’t work. I think because the network settings override my own firewall rule.

Is there any way to implement this?

By the way if you create a zone with the same subnet as your eth0 or eth1 the nethserver isn’t reachable anymore until you stop the shorewall service. Perhaps you can check this and give out a error message if somebody would like to do that.

Hope you can help me.

Thank you!

1 Like
2

AFAIK Network Services panel is the way
http://docs.nethserver.org/en/latest/base_system.html?highlight=services#network-services

3

As written above, you can only allow the whole portrange. I want to allow/deny single ports.
For the meantime I have create a custom-template but this is not the way it should be.

4

@Linux4All

To disable 110 port you need :

[root@nethserver ]# config setprop dovecot TCPPorts 143,4190,993,995
[root@nethserver ]# signal-event nethserver-mail-common-update

[root@nethserver dovecot]# netstat -plane | grep 110
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      0          2585346    2139/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      0          2585347    2139/dovecot

Pasted image1208×85 10.7 KB

To disable 80 port you need:

config setprop httpd TCPPorts 443
signal-event nethserver-httpd-update

Pasted image1242×146 12.9 KB

Finnaly run :

signal-event nethserver-firewall-base-update
2 Likes
5

Great, thank you!!!
This is exactly what I have searched for.