[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall

On Tue, Sep 11, 2001 at 11:31:01AM +0100, Tim Haynes wrote:
> Simon Huggins <huggie@earth.li> writes:
> > On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > > My script, previously plugged, does this with connection tracking. 
> > >     iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > >     iptables -A block -m state --state INVALID -j DROP
> > Indeed though some people may prefer REJECT rather than DROP to be polite
> > to people identing them for instance (well and to speed up outbound
> > connection attempts where the other end attempts ident).
> That's why my script, previously plugged, proceeds to REJECT, with
> TCP-RST, ident requests separately, further down. The above does not
> DROP identd, unless you're sending me invalid packets, of course.

Indeed it does.  Perhaps you should include a date in that file with
revisions, since I downloaded a version on 12th June 2001 (date of the
original post) which didn't contain the lines for ident.

(In case people have forgotten we are talking about:

Simon Huggins  \ "To infinity and beyond!"
http://www.earth.li/~huggie/                                htag.pl 0.0.19

Reply to: