From: Dave Taht
To: Shannon Kendrick
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Wed, 10 Oct 2012 10:22:16 -0700
Subject: Re: [Cerowrt-devel] How to close default open firewall ports in 3.3.8

Several ports are open, but filtered, using various means. Does this tool not show filtered?

For example, rsync and ssh are enabled but the default settings in /etc/xinetd.conf prohibit access via any but your internal private IPs.

Telnet and ftp ports (not services) are enabled, but are there to trigger sensors to disable other services in the event of an attack from inside or outside of your firewall.

You can close ports more fully to the outside world via the GUI, editing /etc/config/firewall and/or do finer grained access control via /etc/xinetd.conf and /etc/xinetd.d/

The web port (80) defaults open, the web configuration port (81) does not. The intent here is to enable you to put up your own local web pages.

See the onboard and wiki documentation for more details. Thx for trying cerowrt!

On Wed, Oct 10, 2012 at 8:44 AM, Shannon Kendrick wrote:
> What's the best resource for learning how to configure the firewall to close the ports that are open by default? I installed 3.3.8-26 "sugarland" into a brand new WNDR3800 to be used as my home router, and I immediately ran ShieldsUp!! (grc.com) and noticed open ports. However, I'm at a loss as to how to close them.
>
> Thanks,
> Shannon Kendrick

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
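
One way to check the point made in the message, that the xinetd settings confine services such as rsync and ssh to internal addresses (an added example, not part of the original message and not CeroWrt's own code): it parses `only_from` in xinetd.conf-style text and lists services that are unrestricted or admit sources outside RFC 1918 and loopback space. The sample config, the `demo` service name, and the simplified inheritance model (`=` replaces the defaults, `+=` extends them, `-=` is ignored, IPv4 only) are assumptions.

```python
import ipaddress
import re

# Constructed sample in xinetd.conf syntax; not CeroWrt's shipped file.
SAMPLE = """\
defaults
{
    only_from = 127.0.0.1 192.168.1.0/24
}
service ssh
{
    only_from += 10.0.0.0/8
}
service demo
{
    only_from = 0.0.0.0/0
}
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*only_from\s*(\+?=)(.*)$", re.M)

def is_internal(value):
    """True only for IPv4 addresses/CIDRs inside RFC 1918 or loopback space."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:            # hostname or other form: cannot be verified here
        return False
    return net.version == 4 and any(net.subnet_of(i) for i in INTERNAL)

def effective_only_from(text):
    """Per-service only_from list under the simplified inheritance model."""
    text = re.sub(r"#.*", "", text)                        # drop comments
    blocks = sorted(BLOCK.finditer(text), key=lambda m: bool(m.group(2)))
    result = {}
    for m in blocks:                                       # defaults block sorts first
        values = list(result.get(None, []))                # start from the defaults
        for op, rhs in ATTR.findall(m.group(3)):
            values = rhs.split() if op == "=" else values + rhs.split()
        result[m.group(2)] = values                        # key None = defaults block
    return {name: vals for name, vals in result.items() if name}

def externally_reachable(text):
    """Services with no only_from at all, or with any non-internal entry."""
    found = {s: [v for v in vals if not is_internal(v)] if vals else ["<no only_from>"]
             for s, vals in effective_only_from(text).items()}
    return {s: bad for s, bad in found.items() if bad}
```

Run it against a copy of /etc/xinetd.conf concatenated with the files in /etc/xinetd.d/; an empty result means every parsed service is limited to internal sources under the stated assumptions.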