[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: your mail

Peter Cordes wrote:

>   What you're saying is that if you want to serve web pages to some IPs, but
> not the whole internet, then you have a job for ipchains, which is true.
> 
>  OTOH, my point was that if you're not running httpd (at all), then you
> don't need packet filtering on port 80.  The kernel handles packets to port
> 80 by replying with "port's closed, have a nice day" (paraphrased :), so you
> don't need to use ipchains to make it do that.  (Unless you really want the
> packets to be dropped outright with no reply, which is of limited
> usefulness, AFAIK.)

Right.  I realized you were talking about unused ports instead of ports
that you want to be protected after I sent my mail. :(

-- 
Brian Kimball
Reply to: