devildeluxxe said:Best way, close all not needed ports and if you need the port you can still open it easily with changing the firewall rules.
But in my opininon a port based firewall is not the ultimative soloution. You should show a package firewall to check incoming and outgoing packages.
MotherOfDragons said:I usually put a default drop policy and then allow ports I need, like SSH and HTTP(S) etc. Don't only do the drop policy first though, because you'll lock yourself out of being able to connect through SSH, which I totally haven't done before.