On Tue, Sep 11, 2001 at 11:31:01AM +0100, Tim Haynes wrote:
> Simon Huggins <firstname.lastname@example.org> writes:
> > On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > > My script, previously plugged, does this with connection tracking.
> > > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > iptables -A block -m state --state INVALID -j DROP
> > Indeed though some people may prefer REJECT rather than DROP to be polite
> > to people identing them for instance (well and to speed up outbound
> > connection attempts where the other end attempts ident).
> That's why my script, previously plugged, proceeds to REJECT, with
> TCP-RST, ident requests separately, further down. The above does not
> DROP identd, unless you're sending me invalid packets, of course.
Indeed it does. Perhaps you should include a date in that file with
revisions, since I downloaded a version on 12th June 2001 (date of the
original post) which didn't contain the lines for ident.
(In case people have forgotten we are talking about:
Simon Huggins \ "To infinity and beyond!"
http://www.earth.li/~huggie/ htag.pl 0.0.19
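
The rule ordering discussed in this thread, as an added example that is not part of the original messages and is not Tim Haynes's script. The two state rules on the "block" chain are from the thread. The chain creation, the exact form of the ident rule, the final catch-all DROP and the INPUT hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry run by default (prints the commands instead of
# executing them); run as root with APPLY=1 to install the rules.

IPT="${IPT:-iptables}"

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

build_block_chain() {
    # Assumption: the chain is created here and hooked into INPUT below.
    run "$IPT" -N block
    # From the thread: replies to our own connections and related traffic.
    run "$IPT" -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # From the thread: packets conntrack cannot tie to any connection.
    run "$IPT" -A block -m state --state INVALID -j DROP
    # A fresh SYN to 113/tcp is in state NEW, not INVALID, so it passes the
    # rule above and is answered here with a TCP RST. The remote end's ident
    # lookup fails at once instead of waiting for a timeout.
    run "$IPT" -A block -p tcp --dport 113 -m state --state NEW \
        -j REJECT --reject-with tcp-reset
    # Assumption: everything else unsolicited is dropped silently.
    run "$IPT" -A block -j DROP
    run "$IPT" -A INPUT -j block
}

# Print the 1-based position of the first dry-run rule matching $1
# (prints nothing if no rule matches). Useful for checking rule order.
rule_position() {
    APPLY=0 build_block_chain | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_block_chain
```

The ident REJECT has to sit before the catch-all DROP; placed after it, the rule is never reached and ident probes time out as before.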