How to deny access to unsecure ports in the network services or firewall settings?


Hi again,
I am migrating from openSUSE to NethServer. Currently I am working on migrating my firewall settings.
I have seen that you can do some settings at the network services tab. But there you can only allow or deny dovecot with all ports (110, 143, 4190, 993, 995). Same thing with HTTP. I want to allow only secure ports.

I tested with creating a firewall rule with deny on port 110, but that didn’t work. I think because the network settings override my own firewall rule.

Is there any way to implement this?

By the way, if you create a zone with the same subnet as your eth0 or eth1, the NethServer isn’t reachable anymore until you stop the shorewall service. Perhaps you can check this and give out an error message if somebody would like to do that.

Hope you can help me.

Thank you!

(Alessio Fattorini) #2

AFAIK Network Services panel is the way


As written above, you can only allow the whole port range. I want to allow/deny single ports.
For the meantime I have created a custom template, but this is not the way it should be.

(Artem Fedai) #4


To disable port 110 you need:

[root@nethserver ]# config setprop dovecot TCPPorts 143,4190,993,995
[root@nethserver ]# signal-event nethserver-mail-common-update

[root@nethserver dovecot]# netstat -plane | grep 110
tcp        0      0       *                   LISTEN      0          2585346    2139/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      0          2585347    2139/dovecot

To disable port 80 you need:

config setprop httpd TCPPorts 443
signal-event nethserver-httpd-update

Finally run:

signal-event nethserver-firewall-base-update


Great, thank you!!!
This is exactly what I have searched for.
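
The netstat output in the answer above still lists dovecot as listening on port 110, so the change is best confirmed from another machine. The following is an added example, not part of the original thread: a shell check that probes the ports named in this thread and reports any that are reachable but missing from the TCPPorts values that were set. The function names and the host argument are assumptions, and it needs `bash` and `timeout` on the machine it runs from.

```shell
#!/bin/sh
# Added example: run from a host OUTSIDE the server, e.g.
#   sh check_ports.sh <server-address> 143,4190,993,995,443
# The second argument is the union of the dovecot and httpd TCPPorts values.

# Ports mentioned in the thread (dovecot and httpd).
CANDIDATES="80 110 143 443 993 995 4190"

# probe_open HOST "PORT PORT ..." -> prints the ports that accept a TCP connection.
probe_open() {
    host=$1
    found=""
    for p in $2; do
        # bash's /dev/tcp opens a TCP connection; timeout covers silently dropped packets.
        if timeout 3 bash -c "exec 3<>/dev/tcp/$host/$p" 2>/dev/null; then
            found="$found $p"
        fi
    done
    echo "${found# }"
}

# unexpected_open ALLOWED_CSV "OPEN OPEN ..." -> prints open ports not in the allowed list.
unexpected_open() {
    allowed=",$1,"          # wrap in commas so 44 does not match 443
    result=""
    for p in $2; do
        case "$allowed" in
            *",$p,"*) ;;                    # allowed, nothing to report
            *) result="$result $p" ;;       # reachable but not in TCPPorts
        esac
    done
    echo "${result# }"
}

main() {
    open=$(probe_open "$1" "$CANDIDATES")
    bad=$(unexpected_open "$2" "$open")
    echo "reachable: ${open:-none}"
    if [ -n "$bad" ]; then
        echo "reachable but not in TCPPorts: $bad"
        return 1
    fi
    echo "only ports listed in TCPPorts are reachable"
}

if [ $# -ge 2 ]; then main "$@"; fi
```

A non-zero exit status means at least one port outside the allowed list still accepts connections from the probing host.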