[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall

Simon Huggins <huggie@earth.li> writes:

> On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > My script, previously plugged, does this with connection tracking. 
> >     iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> >     iptables -A block -m state --state INVALID -j DROP
> Indeed though some people may prefer REJECT rather than DROP to be polite
> to people identing them for instance (well and to speed up outbound
> connection attempts where the other end attempts ident).

That's why my script, previously plugged, proceeds to REJECT, with TCP-RST,
ident requests separately, further down. The above does not DROP identd,
unless you're sending me invalid packets, of course.

   11:30:18 up 45 days,  1:28, 13 users,  load average: 0.11, 0.05, 0.01
piglet@stirfried.vegetable.org.uk |You take your message to the waters,
http://piglet.is.dreaming.org     |And you watch the ripples flow

Reply to: