# gui tool for ports

## sk8harddiefast

Any GUI package to scan all ports in my Gentoo system and open or close them if I want?

----------

## poly_poly-man

nmap for scanning, kill the services or run iptables for open/close.

no integrated gui.

----------

## cach0rr0

actually nmap *does* have a GUI

If you have USE="gtk" it will bring in the Zenmap frontend, and tuck it nicely into your Gnome or whatever else Applications menu :)

but I've yet to find a decent GUI for iptables - well, not one that's freely available, and straightforward enough for basic home server/network use. 

I agree 100% though (for whatever my opinion matters!) that iptables is the correct way to do the blocking, and nmap is the best tool for scanning....hell, it's the best tool for a good many things. 

There are even some nifty iptables modules available in the kernel that allow you to do filtering based upon the process owner. 

*Quote:*

> CONFIG_NETFILTER_XT_MATCH_OWNER:
>
> ...

The other thing to look at is under the GRSecurity settings, if you use hardened-sources:

GRKERNSEC_SOCKET

Description from menuconfig:

*Quote:*

> If you say Y here, you will be able to choose from several options.
> If you assign a GID on your system and add it to the supplementary
> ...

There are a few choices if you have this selected

GRKERNSEC_SOCKET_ALL

*Quote:*

> If you say Y here, you will be able to choose a GID of whose users will
> be unable to connect to other hosts from your machine or run server
> ...

CONFIG_GRKERNSEC_SOCKET_CLIENT

*Quote:*

> If you say Y here, you will be able to choose a GID of whose users will
> be unable to connect to other hosts from your machine, but will be
> ...

CONFIG_GRKERNSEC_SOCKET_SERVER:

*Quote:*

> If you say Y here, you will be able to choose a GID of whose users will
> be unable to run server applications from your machine.  If the sysctl
> ...

Each of these options allows you to define a GID to deny whichever sort of sockets to. It can be a PITA for things that run as 'nobody', as that by default is 65534, but the functionality is there if you need it (however you may decide to use it!)

----------
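The process-owner filtering mentioned in the post above, as an added example that is not from any poster in this thread: a shell function that emits an `iptables-restore` fragment denying outbound traffic for one group via the owner match. The function name, the GID values and the log prefix are assumptions; the owner match only applies to locally generated packets (OUTPUT/POSTROUTING), so this covers the "client" side only.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore fragment that
# blocks outbound traffic from sockets owned by one group, using the owner
# match (CONFIG_NETFILTER_XT_MATCH_OWNER). Names and values are assumptions.

# owner_block_rules GID [ALLOW_LOOPBACK=yes|no]
# Prints the ruleset on stdout; returns non-zero on bad input.
owner_block_rules() {
    gid=$1
    allow_lo=${2:-yes}

    # Accept only a plain decimal GID so nothing else can reach the rule text.
    case $gid in
        ''|*[!0-9]*) echo "invalid gid: $gid" >&2; return 1 ;;
    esac
    # Design choice of this example: never cut off GID 0 (root-owned daemons).
    if [ "$gid" -eq 0 ]; then
        echo "refusing to block gid 0" >&2
        return 1
    fi

    echo '*filter'
    # Optionally keep loopback working for local IPC over TCP/UDP.
    if [ "$allow_lo" = yes ]; then
        echo "-A OUTPUT -o lo -m owner --gid-owner $gid -j ACCEPT"
    fi
    # Rate-limited log line first, so denied attempts show up in the kernel log.
    echo "-A OUTPUT -m owner --gid-owner $gid -m limit --limit 6/min -j LOG --log-prefix \"owner-deny gid=$gid: \""
    # Then reject everything else from sockets owned by that group.
    echo "-A OUTPUT -m owner --gid-owner $gid -j REJECT"
    echo 'COMMIT'
}

# Stand-alone use: ./script --print 65534
# Check the fragment without committing it (as root):
#   ./script --print 65534 | iptables-restore --noflush --test
if [ "${1:-}" = "--print" ]; then
    owner_block_rules "${2:-}" "${3:-yes}"
fi
```

Piping the output to `iptables-restore --noflush` appends the rules to the existing OUTPUT chain instead of replacing the ruleset.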

