Re: iptables firewall
On Monday 26 January 2004 10:11 am, Brian Schmidt wrote:
> Another thing with iptables I have been thinking of letting my firewall
> do, is to give a proper reply to connections on closed ports, rather
> than just dropping the connection.
Iptables comes with a REJECT target, used like this:
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
This will give the RFC-compliant "closed port" response for TCP and UDP.
If it gives an error and suggests you need to insmod, then support for
REJECT is not enabled in your kernel.
Adam
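
A way to confirm the behaviour from a client machine, as an added example that is not part of the message above: a rejected port answers at once (TCP reset or ICMP port-unreachable), while a silently dropped one only times out. The function names and result labels are hypothetical, and the default host and port are constructed sample values.

```python
import socket
import sys


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'rejected' (RST came back) or 'dropped' (silence)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:   # closed port, or REJECT --reject-with tcp-reset
        return "rejected"
    except socket.timeout:           # no answer at all: what a DROP rule looks like
        return "dropped"
    finally:
        s.close()


def probe_udp(host, port, timeout=2.0):
    """Return 'open' (got a datagram), 'rejected' (ICMP port-unreachable) or 'no-reply'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))      # connected socket, so ICMP errors are reported to us
        s.send(b"\x00")
        s.recv(1)
        return "open"
    except ConnectionRefusedError:   # closed port, or REJECT --reject-with icmp-port-unreachable
        return "rejected"
    except socket.timeout:           # DROP rule, or a service that ignored the probe byte
        return "no-reply"
    finally:
        s.close()


if __name__ == "__main__":
    # Defaults are constructed sample values: loopback, port 9.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 9
    print("tcp", port, probe_tcp(host, port))
    print("udp", port, probe_udp(host, port))
```

For UDP, 'no-reply' is ambiguous by nature: a listening service that ignores the probe byte looks the same as a DROP rule.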