
RE: [cobalt-users] Firewall/IPChains Rules -- WAS: ipchains/locked out



>     # AUTH server (113)
>     # -----------------
>
>     # Accept incoming connections to identd but disable in.identd in
> inetd.conf.
>     ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
>              --source-port $UNPRIVPORTS \
>              -d $IPADDR 113 -j ACCEPT
>
>     ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
>              -s $IPADDR 113 \
>              --destination-port $UNPRIVPORTS -j ACCEPT

Hey, Craig...

I'm picking through these one by one to try to understand (already been
at it for a while). As far as identd goes on port 113, if you're going to
disable in.identd (which I have also done), why not simply change the
input rule to REJECT?

If I understand things correctly, this would provide essentially the
same functionality as having inetd refuse the connection but do so in a
minutely quicker and more secure fashion.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>
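Added example (not from the original thread or Craig's rule set): the two identd rules from the quoted message wrapped in a small POSIX sh script so the target of the input rule can be switched between ACCEPT, REJECT and DENY and the resulting ipchains commands previewed before they are applied. The variable names ($EXTERNAL_INTERFACE, $IPADDR, $UNPRIVPORTS) follow the quoted rules; the values assigned to them here are constructed placeholders, and the DRY_RUN switch and the function names are this example's own. With DRY_RUN=1 (the default) nothing touches the kernel; the commands are only printed.

```shell
#!/bin/sh
# Added example: switch the identd (TCP/113) input rule between targets and
# preview the ipchains commands. Values below are constructed, not site data.
EXTERNAL_INTERFACE="eth0"       # constructed: outside-facing interface
IPADDR="192.0.2.10"             # constructed: RFC 5737 documentation address
UNPRIVPORTS="1024:65535"        # ipchains port-range syntax for unprivileged ports

# run: print the command when DRY_RUN=1 (default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "$@"
    else
        "$@"
    fi
}

# ident_input_rule TARGET
#   Inbound rule for identd; TARGET is ACCEPT (let inetd/the kernel answer),
#   REJECT (refuse with an ICMP unreachable) or DENY (drop silently).
ident_input_rule() {
    target="$1"
    case "$target" in
        ACCEPT|REJECT|DENY) ;;
        *) echo "ident_input_rule: unknown target '$target'" >&2; return 1 ;;
    esac
    run ipchains -A input -i "$EXTERNAL_INTERFACE" -p tcp \
        --source-port "$UNPRIVPORTS" -d "$IPADDR" 113 -j "$target"
}

# ident_output_rule
#   Reply traffic from identd back to the client. "! -y" matches only
#   non-SYN packets, so this never lets the host open a connection outward.
#   Only needed when the input rule is ACCEPT and a daemon actually answers.
ident_output_rule() {
    run ipchains -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
        -s "$IPADDR" 113 --destination-port "$UNPRIVPORTS" -j ACCEPT
}

# Preview both variants discussed in the thread.
echo "# identd left to inetd (in.identd disabled there):"
ident_input_rule ACCEPT
ident_output_rule
echo "# identd refused at the firewall instead:"
ident_input_rule REJECT
```

Set DRY_RUN=0 to have the functions call ipchains for real. The practical difference between the targets is what the remote ident client sees: with ACCEPT and no daemon listening, the kernel answers the SYN with a TCP reset; with REJECT, ipchains drops the packet and sends back an ICMP unreachable; with DENY, nothing goes back and the client has to wait for its own timeout. Either of the first two makes remote mail and IRC servers that do ident lookups fail fast; DENY is the one to avoid if you care about those lookups not delaying your connections.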