
Re: firewall



On Tue, Sep 11, 2001 at 11:31:01AM +0100, Tim Haynes wrote:
> Simon Huggins <huggie@earth.li> writes:
> > On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > > My script, previously plugged, does this with connection tracking. 
> > >     iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > >     iptables -A block -m state --state INVALID -j DROP
> > Indeed though some people may prefer REJECT rather than DROP to be polite
> > to people identing them for instance (well and to speed up outbound
> > connection attempts where the other end attempts ident).
> That's why my script, previously plugged, proceeds to REJECT, with
> TCP-RST, ident requests separately, further down. The above does not
> DROP identd, unless you're sending me invalid packets, of course.

Indeed it does.  Perhaps you should include a date in that file with
revisions, since I downloaded a version on 12th June 2001 (date of the
original post) which didn't contain the lines for ident.

(In case people have forgotten we are talking about:
http://spodzone.org.uk/packages/secure/iptables.sh)

-- 
Simon Huggins  \ "To infinity and beyond!"
                \
http://www.earth.li/~huggie/                                htag.pl 0.0.19
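As an added illustration of the ordering the thread is arguing about (this is not Tim Haynes' iptables.sh, and the "block" chain name, the INPUT hook and the final catch-all DROP are assumptions): the state rules come first, the ident REJECT with TCP-RST comes next, and only then does everything else get DROPped, so a remote identd gets an immediate reset instead of waiting for a timeout.

```shell
#!/bin/sh
# Added example, not the script linked in the thread.
# Assumptions: user-defined chain "block" hooked from INPUT, and a
# final catch-all DROP after the two state rules quoted above.
IPTABLES="${IPTABLES:-iptables}"

# Emit the rules in order; nothing is applied unless you pipe this to sh.
# First match wins, so the ident REJECT must sit before the final DROP,
# and the ESTABLISHED,RELATED ACCEPT must sit before it so ident traffic
# belonging to a connection we already track is never reset.
block_rules() {
    cat <<EOF
$IPTABLES -N block
$IPTABLES -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A block -m state --state INVALID -j DROP
$IPTABLES -A block -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPTABLES -A block -j DROP
$IPTABLES -A INPUT -j block
EOF
}

# Walk the chain by hand for one packet and print the first matching
# verdict, mirroring the rule order above.
# Usage: verdict PROTO DPORT CONNTRACK_STATE   (e.g. verdict tcp 113 NEW)
verdict() {
    proto=$1; dport=$2; state=$3
    case $state in
        ESTABLISHED|RELATED) echo ACCEPT; return ;;   # rule 1
        INVALID)             echo DROP;   return ;;   # rule 2
    esac
    # Only NEW packets reach this point.
    if [ "$proto" = tcp ] && [ "$dport" -eq 113 ]; then
        echo REJECT-tcp-reset   # rule 3: remote identd gets a RST, not a timeout
    else
        echo DROP               # rule 4: everything else new is silently dropped
    fi
}
```

Run `block_rules` to see the generated commands, or `verdict tcp 113 NEW` to see why an inbound ident probe is answered with a reset rather than dropped.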
