Simon Huggins <firstname.lastname@example.org> writes:
> On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > My script, previously plugged, does this with connection tracking.
> > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A block -m state --state INVALID -j DROP
> Indeed though some people may prefer REJECT rather than DROP to be polite
> to people identing them for instance (well and to speed up outbound
> connection attempts where the other end attempts ident).
That's why my script, previously plugged, proceeds to REJECT, with TCP-RST,
ident requests separately, further down. The above does not DROP identd,
unless you're sending me invalid packets, of course.
11:30:18 up 45 days, 1:28, 13 users, load average: 0.11, 0.05, 0.01
email@example.com |You take your message to the waters,
http://piglet.is.dreaming.org |And you watch the ripples flow