On Thu, Mar 16, 2000 at 04:39:05PM +0000, Tim Haynes wrote:
> For most (home) purposes it's best to make it REJECT instead of DENY, if you
> choose to block it, so that e.g. remote FTP sites don't have to wait for a
> timeout before letting you in.

This isn't specific to identd, but I'm wondering why you would bother filtering the port instead of just not running identd? (I assume you would have/do turn off identd in /etc/inetd.conf as well as doing port filtering.)

I've never really understood why people filter all kinds of ports on their own machine when the ports are closed anyway. The only advantage I can see is that if someone hits you with a trojan something-or-other, the bad guys won't be able to talk to it if it picks a blocked port. Is this the reason for doing it, or am I missing something?

Filtering ports makes sense when you are protecting a bunch of machines, especially ones which you don't run directly, but for a machine filtering traffic for only itself, it seems like a waste.

Thanks,

--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE