susefirewall leaves open ports??????

[tyfon]

Ok i have configured my susefirewall (i think correctly) and then did an nmap localhost: i have 5 open ports (ssh,x11,smtp,etc)...how can that happens? In fact I am used to zone alarm when i was asked about every port which was about to open..now i dont get any messages..is it possible to configure (or to find another) firewall so as to ask me about everything? And how do i disable sevices (esp X11 and smtp)?
Also when I have these ports opened it means i have them as server apps or as client ones?
Is there any prog to automatically delete all cookies every time I finish internet connection?

[extremez]

It depends whether they are low well known ports or not. If smtp is port 25, then your running an email server. The firewall is letting these services through so they can be used. You need to go to your system services and stop the ones you don't want, then maybe try putting your firewall on high, it probably is defaulted to a moderate setting.

[tyfon]

Where exactly should i go to stop the services i dont want? I conf the firewall manually not automatically...

[extremez]

WWW.GOOGLE.COM WWW.GOOGLE.COM WWW.GOOGLE.COM WWW.GOOGLE.COM

Research first ask questions later. Even if you don't have access to the internet, it shouldn't be too hard to find it if you're using X, look around in the system settings/preferences, try apropos services from the command line.

SPELLED OUT:

search for: suse stop services - gives the answer in first 5 search results.

[n01100110]

If you want to disable your mail server, find it in xinetd.d or inetd, whatever your using..And remove whatever entry you need to remove for it to stop at bootup...And delete the daemon itself, so that in the future it doesn't get activated again by accident...What I do from my system, since I boot in runlevel 3, when i get to the terminal if i want to start x, i'll type

startx -- -nolisten tcp

then, x will start without the port listening..Add alias startx='startx -- -nolisten tcp' to your $HOME/.profile for it to not listen next time you login..
But in case you want a smtp server listening, but you want to control the access levels, look into tcp wrappers located in /etc/hosts.allow and /etc/hosts.deny...Hope i gave a helping hand...

[phishphreek]

Also, where did you do your scan from? If you did it from the machine with the firewall, and you allow the the machine with the firewall, then thats why they could be showing up.

If you did it from a remote machine that the rules are supposed to block... then you have to look at your rules and reconfigure.

I believe in SuSE you can use yast2 and edit the runlevel properties of which services to start/stop. You have to know what runlevel you are booting to.

[gore]

Easy killer. No one can connect to those ports untill you tell the firewall they can anyway. Open YAST and find run levels. It's towards the bottom on the left where you choose things in YAST....I can't remember fof hand which setting it is, but when you see something called run levels, click on that. Then click on edit run level properties. 5 Is the default and you should see SSHd and all the others running.

ONLY DISABLE SSH, and the others you are SURE of. Some of those NEED to run for the system. You could have figured out it didn't allow you to connect by using another machine with putty or SSH and trying to connect. You have to tell the firewall to allow a service. If you don't, it will still show up, but not allow a connection to be made.

Now, take a deep breath, and repeat after me 5 times:

I will not doubt SuSE, the firewall SuSE firewall2, or gore, and I will remain calm when something seems like it's not working, and I will relax and ask gore for all my SuSe troubles, and if he is not sure, I will contact SuSE via Email and ask them. I will not flip over what I do not understand. gore owns me

Feel better now? Good, relax man.

For all users new to SuSE Linux:

SuSE Linux, being one of the best OSs in the entire world, is mainly controlled by YAST2, a tool that makes RHN look like Microsoft's notepad comparing to Vi. Also, you may also edit configuration files the Slackware way by hand. YAST2 makes moving to Linux alot easier.

I recommend you open YAST2 and look around. Look at everything. Don't play with things untill you are sure of them, or want to learn in this way, but if you are afraid of screwing something up, just look and not touch. after you have YAST2 down, it's easy.

[netRealm]

Besides all this, nmap localhost is different from nmap <ip address of machine>.
nmap localhost scans the 127.0.0.1 loopback interface.

[Edit]
nmap <ip address of machine> is what the outside world will see.

[tyfon]

Thaaanks!Also:
To:
extremez: ok i know stfw
gore:i repeated everything you said and now really feel better...
to all:again thanks
Did I thank you?
Thank you
Byeeeeeeee
PS:thanks
Ps2:gore,should i follow everything you said???????Even the gore-owns-me-thing???????

[gore]

Originally posted here by tyfon
Thaaanks!Also:
To:
extremez: ok i know stfw
gore:i repeated everything you said and now really feel better...
to all:again thanks
Did I thank you?
Thank you
Byeeeeeeee
PS:thanks
Ps2:gore,should i follow everything you said???????Even the gore-owns-me-thing???????

Yes! And send me all of your money too! Then you will truely be happy.