> Now I have to deal with the jerks. I started out running with no firewall
> (not comfortable with that) and have the typical ssh probes. I didn't want
> to try to mess with a firewall and end up blocking something mimedefang
> and/or spamassassin was doing. Here is a list of ports I've accumulated. I
> have two questions:
> a) Please let me know if I've missed anything.
> b) If I do miss something, how will it make itself known? maillog? some
> other log?
Well, why don't you get a list of listening ports:
TCP ports: netstat -a -t -n | grep LISTEN
UDP ports: netstat -a -u -n | grep '0 0.0.0.0:'
(The UDP line might only work on Linux. It certainly assumes IPv4. :-))
Once you have the list of listening ports, figure out what each one does
and whether or not you want it open (and indeed whether anything really
should be listening on that port!)
If you plan on blocking outbound traffic as well as inbound, you'll
need to carefully figure out what you need. TCP/25, UDP/53, TCP/53 and
UDP/123 come to mind at once. There are probably many others.
If you do block traffic, you should log as well. Then keep an
eye on your firewall logs to see if you've accidentally blocked
something that should have been left open.
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
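The listening-port inventory the reply describes, as an added example that is not part of the original message or of MIMEDefang: instead of grepping netstat output, it reads the Linux /proc/net/{tcp,tcp6,udp,udp6} tables directly, so it covers IPv6 as well as IPv4 (the caveat the reply notes) and can map each socket inode back to the process holding it, which is the "figure out what each one does" step. It assumes the Linux /proc socket-table layout (hex addresses in host byte order, state 0A for a TCP LISTEN socket and 07 for a bound, unconnected UDP socket); the TCP_SAMPLE, TCP6_SAMPLE and UDP_SAMPLE strings are constructed for illustration, and the Listener, parse_proc_net, owner_pids and inventory_from_proc names are this example's own.

```python
"""Inventory listening TCP/UDP sockets from /proc/net (Linux), IPv4 and IPv6.

Added example, not code from the original mailing-list post.  Assumes the
Linux /proc/net/{tcp,tcp6,udp,udp6} layout; the *_SAMPLE strings below are
constructed, not captured from a real host.
"""
import os
import socket
import sys
from dataclasses import dataclass

TCP_LISTEN = 0x0A   # "st" column value for a TCP socket in LISTEN
UDP_UNCONN = 0x07   # "st" column value for a bound, unconnected UDP socket


@dataclass(frozen=True)
class Listener:
    proto: str   # tcp, tcp6, udp or udp6
    addr: str    # decoded local address
    port: int    # local port (host order)
    uid: int     # owning uid as reported by the kernel
    inode: int   # socket inode, usable to find the owning process

    @property
    def wildcard(self) -> bool:
        """Bound to every interface: what an outside prober can reach."""
        return self.addr in ("0.0.0.0", "::")

    @property
    def loopback(self) -> bool:
        return self.addr.startswith("127.") or self.addr == "::1"


def decode_addr(hexaddr: str, byteorder: str = sys.byteorder) -> str:
    """Decode the kernel's hex address: 8 hex digits (IPv4) or 32 (IPv6).
    Each 32-bit word is written in host byte order, so on little-endian
    hosts every 4-byte word has to be reversed before inet_ntop."""
    raw = bytes.fromhex(hexaddr)
    words = [raw[i:i + 4] for i in range(0, len(raw), 4)]
    if byteorder == "little":
        words = [w[::-1] for w in words]
    packed = b"".join(words)
    family = socket.AF_INET if len(packed) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, packed)


def parse_proc_net(proto: str, text: str,
                   byteorder: str = sys.byteorder) -> list[Listener]:
    """Parse the contents of /proc/net/<proto> and keep only listeners.
    Columns: sl local rem st tx:rx tr:when retrnsmt uid timeout inode ..."""
    want = TCP_LISTEN if proto.startswith("tcp") else UDP_UNCONN
    found = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10 or int(f[3], 16) != want:
            continue
        addr_hex, port_hex = f[1].split(":")
        found.append(Listener(proto=proto,
                              addr=decode_addr(addr_hex, byteorder),
                              port=int(port_hex, 16),
                              uid=int(f[7]),
                              inode=int(f[9])))
    return found


def owner_pids(inode: int) -> list[int]:
    """Map a socket inode to the PIDs whose fd table holds it.  Reading
    other users' /proc/<pid>/fd needs root; unreadable entries are skipped."""
    target = f"socket:[{inode}]"
    pids = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        fd_dir = f"/proc/{entry}/fd"
        try:
            for fd in os.listdir(fd_dir):
                try:
                    if os.readlink(f"{fd_dir}/{fd}") == target:
                        pids.append(int(entry))
                        break
                except OSError:
                    continue
        except OSError:
            continue
    return pids


def inventory_from_proc(byteorder: str = sys.byteorder) -> list[Listener]:
    """Read all four tables from the live system (Linux only)."""
    found = []
    for proto in ("tcp", "tcp6", "udp", "udp6"):
        try:
            with open(f"/proc/net/{proto}") as fh:
                found.extend(parse_proc_net(proto, fh.read(), byteorder))
        except OSError:
            continue                              # table absent (e.g. no IPv6)
    return found


# Constructed sample tables (little-endian host): SMTP on all interfaces,
# DNS on loopback only, one established client connection that must be
# ignored, sshd on all IPv6 addresses, and two UDP listeners.
TCP_SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:8E2A 0100007F:0019 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""
TCP6_SAMPLE = """  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 100 0 0 10 0
"""
UDP_SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12350 2 0000000000000000 0
   1: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12351 2 0000000000000000 0
"""

if __name__ == "__main__":
    live = inventory_from_proc()
    for l in sorted(live, key=lambda l: (l.proto, l.port)):
        scope = "ALL" if l.wildcard else ("local" if l.loopback else "iface")
        print(f"{l.proto:5} {l.addr:>40}:{l.port:<5} uid={l.uid:<5} "
              f"{scope:5} pids={owner_pids(l.inode)}")
```

Run it as root to get the pid column for every socket; the "ALL" rows are the ones an external scanner can reach and therefore the ones to justify or firewall, while "local" rows (loopback-bound) are what a milter such as mimedefang or a local spamd typically use and are not exposed by a wildcard bind.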