* Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> [20030320 06:39 PST]:
> Set it up to block everything and then selectively open ports until
> everything works as desired. Depending on the applications it may be a
> good idea to REJECT auth (identd) packets instead of dropping them -
> some applications have long timeouts.

IMO, it's a good idea to REJECT instead of DROPping most packets. If you think DROPping makes you invisible, you're deluding yourself. I generally end my INPUT chain with

    -p tcp -j REJECT --reject-with tcp-reset
    -p udp -j REJECT --reject-with icmp-port-unreachable
    -j REJECT --reject-with icmp-proto-unreachable

Of course, different setups have different needs, but I think this is pretty good for most home configurations.

good times,
Vineet
-- http://www.doorstop.net/
-- http://www.digitalconsumer.org/
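
The chain ending described in the reply above, combined with the quoted "block everything, then selectively open ports" advice, as an added example that is not part of the original messages: a shell sketch that emits an iptables-restore ruleset and checks that its INPUT chain ends with the three REJECT rules. The function names, the open ports 22 and 80, the FORWARD/OUTPUT policies and the loopback and conntrack rules are assumptions.

```shell
#!/bin/sh
# Added example: names, ports and the loopback/conntrack rules are assumptions.

# The three terminal rules from the reply, in iptables-restore syntax.
reject_tail() {
    printf '%s\n' \
        '-A INPUT -p tcp -j REJECT --reject-with tcp-reset' \
        '-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable' \
        '-A INPUT -j REJECT --reject-with icmp-proto-unreachable'
}

# Print a filter table that accepts only the given TCP ports, then rejects.
emit_ruleset() {
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # Policy DROP is only a backstop; the final REJECT rule matches first.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s %s %s\n' '-A INPUT -p tcp --dport' "$port" '-j ACCEPT'
    done
    # Unopened ports, including auth/identd (113/tcp), now get a TCP reset.
    reject_tail
    printf '%s\n' 'COMMIT'
}

# Read a ruleset on stdin; succeed only if INPUT ends with the REJECT trio.
input_tail_rejects() {
    expected=$(reject_tail)
    actual=$(grep '^-A INPUT ' | tail -n 3)
    [ "$actual" = "$expected" ]
}

# Check the generated ruleset; load it with: emit_ruleset 22 80 | iptables-restore
emit_ruleset 22 80 | input_tail_rejects && echo "INPUT ends with REJECT rules"
```

Piping the output through `iptables-restore --test` first parses the ruleset without committing it.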