How to "close" open ports?

24 votes
3 answers
79772 views
A few days ago I started to care a lot about my data security, and I ended up nmapping myself with:

```
nmap 127.0.0.1
```

Surprise, surprise, I have lots of active services listening on localhost:

```
$ nmap 127.0.0.1

Starting Nmap 5.21 ( http://nmap.org ) at 2013-05-05 00:19 WEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00025s latency).
Not shown: 993 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
```

The only one that I *might* use is ssh (although it is probably not well configured; I will keep this matter for another question).

As far as I know, the ipp protocol is used by CUPS to share my printers. I don't need to share them, just access printers from a server.

This is the output of `netstat -lntup` by the root user, removing the localhost addresses:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      497/sshd
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      2217/dropbox
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      892/smbd
tcp        0      0 0.0.0.0:50022           0.0.0.0:*               LISTEN      1021/rpc.statd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      892/smbd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      906/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      497/sshd
tcp6       0      0 :::42712                :::*                    LISTEN      1021/rpc.statd
tcp6       0      0 :::445                  :::*                    LISTEN      892/smbd
tcp6       0      0 :::139                  :::*                    LISTEN      892/smbd
tcp6       0      0 :::111                  :::*                    LISTEN      906/rpcbind
udp        0      0 0.0.0.0:51566           0.0.0.0:*                           615/avahi-daemon: r
udp        0      0 0.0.0.0:68              0.0.0.0:*                           7362/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           906/rpcbind
udp        0      0 192.168.1.255:137       0.0.0.0:*                           1782/nmbd
udp        0      0 192.168.1.67:137        0.0.0.0:*                           1782/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1782/nmbd
udp        0      0 192.168.1.255:138       0.0.0.0:*                           1782/nmbd
udp        0      0 192.168.1.67:138        0.0.0.0:*                           1782/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           1782/nmbd
udp        0      0 0.0.0.0:655             0.0.0.0:*                           906/rpcbind
udp        0      0 0.0.0.0:17500           0.0.0.0:*                           2217/dropbox
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           615/avahi-daemon: r
udp        0      0 0.0.0.0:34805           0.0.0.0:*                           1021/rpc.statd
udp6       0      0 :::40192                :::*                                1021/rpc.statd
udp6       0      0 :::111                  :::*                                906/rpcbind
udp6       0      0 :::655                  :::*                                906/rpcbind
udp6       0      0 :::5353                 :::*                                615/avahi-daemon: r
udp6       0      0 :::42629                :::*                                615/avahi-daemon: r
```

How do I configure those services so they only listen to the outside world when I'm actually using them?
Asked by RSFalcon7 (4477 rep)
May 4, 2013, 11:37 PM
Last activity: Oct 12, 2024, 06:14 PM
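
An added example, not part of the original question: a small parser for `netstat -lntup` output that groups listeners by how widely they are bound (wildcard, one address, or loopback), which is the distinction a scan of 127.0.0.1 alone does not show. The function names are this example's own, and the two loopback rows in the sample are constructed for contrast; the other rows are taken from the output above.

```python
import ipaddress
from collections import defaultdict

# Rows from the question's netstat output, plus two CONSTRUCTED loopback rows
# (PIDs and program names invented) to show how such listeners are classified.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 497/sshd
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 2217/dropbox
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 892/smbd
tcp6 0 0 :::22 :::* LISTEN 497/sshd
tcp6 0 0 :::111 :::* LISTEN 906/rpcbind
udp 0 0 192.168.1.67:137 0.0.0.0:* 1782/nmbd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 615/avahi-daemon: r
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 9001/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9002/example-mta
"""

def bind_scope(host):
    """Classify a local bind address by who can reach it."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or :: -> every interface
        return "all-interfaces"
    if ip.is_loopback:             # 127.0.0.0/8 or ::1 -> this host only
        return "loopback-only"
    return "single-address"        # bound to one configured address

def group_listeners(text):
    """Return {scope: sorted [(proto, port, program)]} from netstat -lntup text."""
    groups = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue               # header or blank line
        is_tcp = f[0].startswith("tcp")
        if is_tcp and f[5] != "LISTEN":
            continue
        host, port = f[3].rsplit(":", 1)   # rsplit copes with ":::22"
        owner = " ".join(f[6:] if is_tcp else f[5:])  # UDP rows have no State
        program = owner.split("/", 1)[-1].split(":")[0]
        # f[0][:3] folds tcp6/udp6 into tcp/udp so dual-stack binds dedupe
        groups[bind_scope(host)].add((f[0][:3], int(port), program))
    return {scope: sorted(rows) for scope, rows in groups.items()}

if __name__ == "__main__":
    for scope, rows in group_listeners(SAMPLE).items():
        print(scope, rows)
```
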