
Re: iptables firewall



On Monday 26 January 2004 10:11 am, Brian Schmidt wrote:
> Another thing with iptables I have been thinking of letting my firewall
> do, is to give a proper reply to connections on closed ports, rather
> than just dropping the connection.

Iptables comes with a REJECT target, used like this:

iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

This will give the RFC-compliant "closed port" response for TCP and UDP.

If it gives an error and suggests you need to insmod, then support for
REJECT is not enabled in your kernel.

Adam
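An added example, not part of the thread above: a small POSIX shell helper that emits a complete INPUT chain in iptables-restore format, allowing a few services and ending with the two REJECT rules Adam gives, so that every other TCP or UDP port answers with a reset or a port-unreachable instead of a silent drop. The open ports (22/tcp and 53/udp) are hypothetical; `-m state` needs the connection-tracking module, and `check_reject_loaded` only reports whether a REJECT target is currently registered with the kernel, which is one way to confirm the insmod situation Adam mentions.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post). Builds a filter
# table in iptables-restore syntax. Assumed services: SSH on 22/tcp and
# DNS on 53/udp; change the arguments to gen_ruleset for your host.

# gen_ruleset "<tcp ports>" "<udp ports>"
# Prints the ruleset to stdout; feed it to iptables-restore as root.
gen_ruleset() {
    tcp_ports=$1
    udp_ports=$2
    printf '%s\n' '*filter'
    # Chain policies: anything not matched by a rule below is dropped.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to flows this host initiated are always fine.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Ports that are meant to be reachable (constructed list, see lead-in).
    for p in $tcp_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        printf '%s\n' "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Everything else gets the RFC-style "closed port" reply from Adam's
    # mail: a TCP RST for TCP, an ICMP port-unreachable for UDP. Other
    # protocols fall through to the INPUT policy and are dropped.
    printf '%s\n' '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    printf '%s\n' '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'
    printf '%s\n' 'COMMIT'
}

# check_reject_loaded
# Returns 0 if the kernel currently lists a REJECT target for IPv4
# iptables (module loaded or built in), 1 otherwise. The proc file is
# absent on non-Linux hosts and on kernels without iptables at all.
check_reject_loaded() {
    f=/proc/net/ip_tables_targets
    [ -r "$f" ] && grep -qx 'REJECT' "$f"
}

# Usage (requires root to actually load the rules):
#   gen_ruleset "22" "53" > /tmp/ruleset.v4
#   iptables-restore < /tmp/ruleset.v4
#   iptables -L INPUT -n -v
```

A failed `iptables-restore` that complains about the REJECT target while `check_reject_loaded` returns non-zero is the same symptom Adam describes: the kernel has no REJECT support loaded. Rule order matters in the generated table; the ACCEPT lines for wanted services must precede the two REJECT lines, or the service itself would be reset.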


