Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: jinniferb
jinniferb Author
User level: Level 2
156 points

Closing ports?

I ran a port scan on our 10.6.8 SL server (the Firewall was off at the time of the scan), I compared the list of open ports to the list of the services they were associated with vs. which ports we actually need to have open. There were a few "rogue" ones though that seemed like they should need to be closed.


Unfortunately (port 7001, for example) these port numbers aren't showing up in the list of Services in the Firewall service in Server Admin.


How would I go about closing ports that aren't even listed by the server? Is there a Terminal command for that?


Thanks in advance!

Posted on Jan 20, 2012 9:46 AM

Reply
Question marked as Best reply
User profile for user: Camelot
Camelot
User level: Level 9
54,333 points

Posted on Jan 20, 2012 10:38 AM

How would I go about closing ports that aren't even listed by the server? Is there a Terminal command for that?


Before you close them you kind of need to know which application is using them. Only then can you decide if it's needed, and whether or not it should be closed. Just because a port is open that doesn't necessarily mean there's a problem.


This will show you the process that's using any given port number:


sudo lsof -i :<port number>

View in context
3 replies
Question marked as Best reply
User profile for user: Camelot
Camelot
User level: Level 9
54,333 points

Jan 20, 2012 10:38 AM in response to jinniferb

How would I go about closing ports that aren't even listed by the server? Is there a Terminal command for that?


Before you close them you kind of need to know which application is using them. Only then can you decide if it's needed, and whether or not it should be closed. Just because a port is open that doesn't necessarily mean there's a problem.


This will show you the process that's using any given port number:


sudo lsof -i :<port number>

Reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
116,643 points

Jan 20, 2012 12:12 PM in response to jinniferb

You could install and use a network gateway; a perimeter firewall. Use that at the edge of your network.


Preferably a gateway with NAT and VPN server capabilities, among other features.


As for your question, it depends. When you want to shut down the specific components that have the ports open, well, how you do that depends on which particular service, what Mac OS X Server is doing with it, and how the particular service is managed.


TCP port 7001 might be a QuickTime Streaming server, or it might well be some other server that's active.

Reply

Closing ports?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up