How to close open ports using a python script or a shell script in python ??
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to close open ports using a python script or a shell script in python ??
Code:
#!/usr/bin/env python
from socket import *
if __name__ == '__main__':
import sys
if ( len(sys.argv) != 2 ):
print "Usage: " + sys.argv[0] + " you must enter IP or FQDN as argument"
sys.exit(1)
targetIP = gethostbyname(sys.argv[1])
for i in range(20, 65535):
s = socket(AF_INET, SOCK_STREAM)
result = s.connect_ex((targetIP, i))
if(result == 0) :
print '%d' % (i)
s.close()
This code tells which ports are open on a computer !
Now if the code tells that prt 631, 50983 and 55783 are open, what should I do so that the user is asked which of the ports he wishes to use and then automatically close the other ports ???
All I know is that I can use "sudo ufw allow/deny <port>" ..... but how in a python script ??
ummmmm.... You probably don't want to attempt to do such a thing, because you are trusting "whoever might contrive to be running this program" to have the authority to use sudo!
Much better to inform him or her what ports are open, and then let the onus be upon them to close those ports by whatever means they deem to be appropriate.
This is an example of the confounding use of misleading terminology. The term 'open' makes it sound like there is some unguarded passageway into some computer, through which any and all data may pass. Nothing could be further from the truth. In reality, it means that some program has created a socket bound to a specific port, and is listening for distant clients to connect to the socket. The program that is listening (and nothing else) will handle the incoming traffic, and deal with it according to its purpose. Ports numbered below 1024, or some number thereabouts, are dedicated to specific services, and require root privileges to bind a socket to them. It is unlikely that these are untrustworthy. Other ports are available to non-root users, and again many of these have standard, conventional purposes. To 'close' any port described as 'open', would in most cases require you to kill the application that is listening on the open port(s).
The whole notion of 'open' ports being a matter of concern is, IMHO, overblown and probably perpetuated by cyber-Chicken-Littles.
You can, as you seem to point out with 'ufw' (which I assume is some sort of firewall tool), block network traffic in/out/through a host on the basis of ports, interfaces, protocols, sources and destinations. If that is what you want to do with your Python script, you should look at the use of iptables. Your Python script could craft iptables rules, and then invoke the iptables tool to create/delete/modify the rule set. Be aware that many services that most of us depend on routinely may be broken by blocking their network connections.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.