Opening and closing ports in Linux…

I have recently shifted to Ubuntu 24/7 when I am not in the office, and was setting it up for BitTorrent to work. Linux is awesome because its ports are closed most of the time. Consequently, to set up and run BitTorrent files, you need to have the torrent ports [6881-6999] open.

So, what do you do to make sure that they are open when you require them to be and closed when you don’t want them to be? Of course, you don’t need to open all the ports either.

You need to go to iptables and give this particular command:

sudo iptables -A INPUT -p tcp --dport 6881 -j ACCEPT

This means: append [-A] a rule to the INPUT chain, for the protocol [-p] tcp and the destination port [--dport] 6881, and accept [-j ACCEPT] any incoming packet addressed to that port.

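And to close the port again, delete [-D] that rule. Appending a DROP rule with -A would not close it, because iptables acts on the first rule that matches a packet and the ACCEPT rule added above sits ahead of it:

sudo iptables -D INPUT -p tcp --dport 6881 -j ACCEPT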

Now, if you wanna download a couple of torrent files, you need to keep at least 5-10 ports open as torrent clients check for the ports 6881-6999 in the increasing order.

I typically keep 6881-6999 open when I wanna download torrents.

So, that would mean typing the aforementioned code 10 times and to close the ports when not needed [i.e.] another 10 times.

Here is where the beauty of shell scripts comes in. Attached here are 2 shell scripts that I use to open the ports when I wanna download torrents and then block them again!

Accept_Torrent_Ports

# Shell script to accept Torrent Ports from 6881 to 6889
# Author: Guru Panguji
# Date: 03-June-2007
clear
echo "Will open Torrent Ports from 6881-6889"
echo "Use ./Drop_Torrent_Ports to close the Ports"
sudo iptables -A INPUT -p tcp --dport 6881 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6882 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6883 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6884 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6885 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6886 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6887 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6888 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 6889 -j ACCEPT

Drop_Torrent_Ports

# Shell script to close Torrent Ports from 6881 to 6889
# Author: Guru Panguji
# Date: 03-June-2007
#
# Deletes (-D) the ACCEPT rules added by Accept_Torrent_Ports. Appending DROP
# rules would not close the ports: iptables uses the first matching rule,
# and the earlier ACCEPT rules would still match.
clear
echo "Will close Torrent Ports from 6881-6889"
echo "Use ./Accept_Torrent_Ports to open the Ports"
sudo iptables -D INPUT -p tcp --dport 6881 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6882 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6883 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6884 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6885 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6886 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6887 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6888 -j ACCEPT
sudo iptables -D INPUT -p tcp --dport 6889 -j ACCEPT
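
The same open/close toggle written as one rule covering the whole port range, as an added example that is not one of the post's own scripts. The IPTABLES variable and the function names are this example's own, and it assumes the INPUT chain otherwise blocks these ports.

```shell
#!/bin/sh
# Added example (not the post's scripts): open or close the torrent range
# with a single rule, in a way that is safe to run repeatedly.
# IPTABLES is this example's own variable, so the command can be swapped out.
IPTABLES="${IPTABLES:-sudo iptables}"
RULE="INPUT -p tcp --dport 6881:6889 -j ACCEPT"   # first:last port range

ports_open() {
    # -C only checks: exit status 0 means an identical rule is in the chain.
    $IPTABLES -C $RULE 2>/dev/null
}

open_torrent_ports() {
    # Append the ACCEPT rule only if it is missing, so reruns add no copies.
    ports_open || $IPTABLES -A $RULE
}

close_torrent_ports() {
    # iptables acts on the first rule that matches a packet, so a DROP
    # appended after the ACCEPT would never be reached. Delete the ACCEPT
    # instead; loop in case earlier runs left duplicates behind.
    while ports_open; do
        $IPTABLES -D $RULE || return 1
    done
}

# Run as: ./torrent_ports open | close | status
case "${1:-}" in
    open)   open_torrent_ports ;;
    close)  close_torrent_ports ;;
    status) if ports_open; then echo "accept rule present"; else echo "accept rule absent"; fi ;;
esac
```

Check the result with sudo iptables -L INPUT -n --line-numbers, which lists the chain in the order the rules are evaluated.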


About RR
A Senior Product Manager at Amazon, a musician, a gadget-freak, a committed geek, an artist, a babbler, a cook, a proud Tbird

8 Responses to Opening and closing ports in Linux…

  1. so you’re a code genius too. ooh. never knew this side to your psyche.

  2. Guru Panguji says:

    Note: not a code genius, but I can work my way around =P!

  3. I am a final year IT student who doesn’t know how to use Linux. Aha… let’s see how much lower you can try to go by trying to beat me on that. (Even modesty has its limits.) :-)

  4. Anjanesh says:

    Hey

    So you got yourself into Ubuntu! Always wanted to know what it’s like since I saw the cool demo videos which showed how you could switch desktops in a 3D manner.

    Is this hot competition for Vista ?

  5. Guru Panguji says:

    @ Anjanesh: Well Ubuntu is not that great as far as eye candy unless u install Beryl/Compiz. Yeah the 3d workspaces is kinda cool! =)!

    However, competition for Vista really depends. Things are a lot better with 7.04, especially with support for wireless out of the box. It’s still not the desktop that’s as easy as Windows. It’s a lot faster, however, with some of the simple things like reading the contents of a DVD.

    So well, it’s a different experience, at times a lot better, at times pretty bad. Ubuntu was never released as a competitor =)!!

    For its price [free] it’s definitely a good option to consider

  6. Anjanesh says:

    Funny: http://linux.slashdot.org/article.pl?sid=07/06/22/151233

  7. orzel says:

    you can use --dport 6881:6889

  8. Rajesh says:

    Hey Guru, how can I hide my port so that it doesn’t show in nmap?
    Any idea?
