linux如何关闭无用端口/Linux禁用111端口

收到机房发来预警，就是说你的机器端口111开着，会引发Ddos攻击啥的，安全起见还是禁用掉没用的端口。

> Dear Sir or Madam,
>
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
>
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
>
> Over the past months, systems responding to Portmapper requests from
> anywhere on the Internet have been increasingly abused DDoS reflection
> attacks against third parties.

下面简单记录下禁用111端口过程。

1）、查看本机正在监听的端口：

root@Proxmox-VE / #  netstat -tlnup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8006            0.0.0.0:*               LISTEN      1550/pveproxy
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      683/rpcbind
tcp        0      0 127.0.0.1:85            0.0.0.0:*               LISTEN      1509/pvedaemon
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4957/sshd
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      1582/spiceproxy
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1429/master
tcp6       0      0 :::111                  :::*                    LISTEN      683/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      4957/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1429/master
udp        0      0 0.0.0.0:111             0.0.0.0:*                           683/rpcbind
udp        0      0 0.0.0.0:859             0.0.0.0:*                           683/rpcbind
udp6       0      0 :::111                  :::*                                683/rpcbind
udp6       0      0 :::859                  :::*                                683/rpcbind

2）、查看正在监听的111端口，由哪个服务使用

root@Proxmox-VE / # cat /etc/services | grep -w 111
sunrpc          111/tcp         portmapper      # RPC 4.0 portmapper
sunrpc          111/udp         portmapper

3）、查看使用111端口服务的详细状态信息

root@Proxmox-VE / # systemctl list-unit-files --all |grep portmapper
root@Proxmox-VE / #  systemctl list-unit-files --all |grep rpcbind
rpcbind.service                        enabled
rpcbind.socket                         enabled
rpcbind.target                         static

4）、关闭正在使用111端口的服务，并设置开机不启动该服务

root@Proxmox-VE / #  systemctl stop rpcbind.socket
root@Proxmox-VE / #  systemctl disable rpcbind.socket
Removed /etc/systemd/system/sockets.target.wants/rpcbind.socket.

操作完毕后，再看看111端口禁用了

教程参考：https://www.wandouip.com/t5i283482/