Re: your mail
Peter Cordes wrote:
> What you're saying is that if you want to serve web pages to some IPs, but
> not the whole internet, then you have a job for ipchains, which is true.
>
> OTOH, my point was that if you're not running httpd (at all), then you
> don't need packet filtering on port 80. The kernel handles packets to port
> 80 by replying with "port's closed, have a nice day" (paraphrased :), so you
> don't need to use ipchains to make it do that. (Unless you really want the
> packets to be dropped outright with no reply, which is of limited
> usefulness, AFAIK.)
Right. I realized you were talking about unused ports instead of ports
that you want to be protected after I sent my mail. :(
--
Brian Kimball
Reply to: