To save redundant clicking, the Digg story points to a post on another forum. Much of the information in that post is not strictly wrong but it certainly is misleading. For instance, it's very unlikely that you will actually want port 3306 open, even if you are running MySQL. Most web servers connect to MySQL through a UNIX socket and don't require net-based access at all. If you leave that port open and have MySQL listening on it, you could allow an attacker to get access to your MySQL database without needing shell access to your server.

You only need to have ports open if you are running the relevant service, so unless you are running a mail server, ports 25, 110, 995, 143 and 993 can remain closed. On the other hand, if you aren't running a service, it won't matter whether the port is open or not... you still won't be able to connect to anything.

Firewalls are particularly good at allowing only certain people to access your box. For instance, you could open up MySQL (3306) and Cpanel (2082) to your home IP address and block it for everyone else, or block port 22 for that pesky hacker that keeps trying to brute force your root password. Better yet, you can rate limit certain connections, so that bot that keeps crawling your site too fast can have its bandwidth limited to 2kB/s so that everyone else can have their fair share.

If you don't know what a service does... you could look it up and learn about it... or you could just switch it off and see if you really need it. There's also the official list of well known port numbers available.

As the post mentions, if you mess up your firewall configuration it is possible to lock yourself out of your box. The easiest trick to avoid this is to keep your firewall configuration in a shell script and have this as the first line:

    at now + 10 minutes -f ./firewall_last_known_good.sh

which will run the script that describes your last known good configuration in ten minutes. That way, if you screw up, you just have to wait ten minutes rather than having to drive out to your datacentre. When you want to make the changes final, just copy the new version over the top of the last known good configuration file.
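The following script is an added example (not code from the post above or from any project it mentions) that puts the post's advice into one file: the rollback is scheduled with at(1) before any rule is applied, 3306 and 2082 are opened only to a home address, port 80 is rate limited per source, and everything else is dropped. The home address 203.0.113.10 is a constructed placeholder from a documentation range, the iptables and at paths are assumed to be on PATH, and the rate limit counts packets per second (iptables' hashlimit match), not bytes per second as in the post's 2kB/s figure; true bandwidth shaping needs tc instead.

```shell
#!/bin/sh
# Added example, not from the thread: a firewall script built around the
# "schedule the last-known-good config first" trick. Assumptions: iptables,
# at(1), SSH on 22, a web server on 80/443, MySQL on 3306, cPanel on 2082,
# and a constructed home address (203.0.113.10 is a documentation range).
set -u

HOME_IP="${HOME_IP:-203.0.113.10}"           # constructed placeholder address
LKG="${LKG:-./firewall_last_known_good.sh}"  # last-known-good copy of this script
IPT="${IPT:-iptables}"

# Emit the rule set as iptables arguments, one rule per line. Generating the
# rules separately from applying them lets you review (or test) them before
# they touch the live firewall. Policies go last so the ACCEPT rules are in
# place before the default becomes DROP.
build_rules() {
  cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-name web --hashlimit-mode srcip --hashlimit-above 25/sec -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 3306 -s ${HOME_IP} -j ACCEPT
-A INPUT -p tcp --dport 2082 -s ${HOME_IP} -j ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-P INPUT DROP
EOF
}

# Number of generated rules, used as a sanity check before applying.
rule_count() { build_rules | wc -l | tr -d ' '; }

# True if the generated set accepts the given port only from HOME_IP:
# there must be an ACCEPT for HOME_IP and no ACCEPT for that port without it.
port_restricted_to_home() {
  build_rules | grep -q -- "--dport $1 -s ${HOME_IP} -j ACCEPT" &&
  ! build_rules | grep -v -- "-s ${HOME_IP}" | grep -q -- "--dport $1 "
}

# Apply the rules, but schedule the rollback first: if these rules lock us
# out, at(1) re-runs the last-known-good script in ten minutes.
apply_rules() {
  [ -x "$LKG" ] && at -f "$LKG" now + 10 minutes
  $IPT -F INPUT
  build_rules | while IFS= read -r rule; do
    # shellcheck disable=SC2086  # word splitting of the rule is intentional
    $IPT $rule
  done
}

# Once you have confirmed you can still log in, make this script the baseline
# that the pending at(1) job (and every future rollback) will restore.
commit_rules() { cp "$0" "$LKG" && chmod +x "$LKG"; }

case "${1:-print}" in
  apply)  apply_rules ;;
  commit) commit_rules ;;
  print)  build_rules ;;
esac
```

Run it as root with `apply`, wait for your SSH session to prove it still works, then run `commit`; with no argument it only prints the rules it would apply, which is the mode to use when reviewing a change.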
bah, who needs that. :>

    yum install nmap
    nmap -sTU 127.0.0.1

will show you all ports open on the system, just ensure you open the ports in your firewall configuration.
You can also use, which will show all ports. Sometimes nmap will not show all open ports above a certain limit.
I'm not sure why you would use nmap on the localhost. nmap is designed for figuring this stuff out when you can't get onto the box. It's like using a telescope to see the guy standing next to you. If you're on the host, simply running "netstat -an | grep LISTEN | grep tcp" will give you a list of all the processes that are listening to the network and which ports they are listening on.
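As an added example (not part of the post above), this script takes the netstat approach one step further: instead of just listing listeners, it separates sockets bound to loopback from those reachable over the network, and flags network-reachable mail and database ports, which the first post says should normally stay closed. The sample output is constructed and uses Linux netstat's `address:port` layout; on a real host pipe `netstat -an` into `report`.

```shell
#!/bin/sh
# Added example, not from the thread: classify listening TCP sockets from
# "netstat -an" style output into loopback-only and network-reachable ones.
# The sample below is constructed (documentation IP ranges); it mirrors the
# Linux netstat layout, where the local address is written address:port.
set -u

SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2082            0.0.0.0:*               LISTEN
tcp6       0      0 :::25                   :::*                    LISTEN
tcp        0      0 203.0.113.5:22          198.51.100.7:51234      ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/mysqld/mysqld.sock'

# Read netstat output on stdin; print "port address" for each TCP listener.
# The port is everything after the last colon, so IPv6 forms like :::25 work.
tcp_listeners() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
         n = split($4, a, ":"); port = a[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         print port, addr }' | sort -n
}

# Ports bound to anything other than a loopback address: reachable from the
# network unless a firewall in front of them says otherwise.
network_listeners() {
  tcp_listeners | awk '$2 != "127.0.0.1" && $2 != "::1" { print $1 }'
}

# Ports bound only to loopback: like the MySQL socket case, no firewall
# rule is needed for these because nothing remote can reach them.
loopback_only() {
  tcp_listeners | awk '$2 == "127.0.0.1" || $2 == "::1" { print $1 }'
}

# Network-reachable ports from the "closed unless you run that service" list
# in the thread (mail and MySQL).
suspicious_exposed() {
  network_listeners |
    awk '$1 == 25 || $1 == 110 || $1 == 143 || $1 == 993 || $1 == 995 || $1 == 3306'
}

# Human-readable summary of one netstat dump read from stdin.
report() {
  input=$(cat)
  echo "network-reachable: $(echo "$input" | network_listeners | tr '\n' ' ')"
  echo "loopback only:     $(echo "$input" | loopback_only | tr '\n' ' ')"
  echo "check these:       $(echo "$input" | suspicious_exposed | tr '\n' ' ')"
}

echo "$SAMPLE" | report
```

On the constructed sample the report lists 22, 25, 80 and 2082 as network-reachable, 3306 as loopback-only, and 25 as the one port worth a second look.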