Peter Cordes wrote:
> What you're saying is that if you want to serve web pages to some IPs, but
> not the whole internet, then you have a job for ipchains, which is true.
>
> OTOH, my point was that if you're not running httpd (at all), then you
> don't need packet filtering on port 80. The kernel handles packets to port
> 80 by replying with "port's closed, have a nice day" (paraphrased :), so you
> don't need to use ipchains to make it do that. (Unless you really want the
> packets to be dropped outright with no reply, which is of limited
> usefulness, AFAIK.)

Right. I realized you were talking about unused ports instead of ports that you want to be protected after I sent my mail. :(

--
Brian Kimball
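
The distinction discussed in this exchange, seen from the client side, as an added example that is not part of either message: a port with no listener is refused by the kernel immediately, while a port whose packets are dropped by a filter rule gives no answer until the client times out. The names `probe` and `loopback_demo` and the loopback test setup are constructed for illustration.

```python
import socket


def probe(host, port, timeout=1.0):
    """Classify a TCP port by how a connect() attempt ends.

    open     - a listener accepted the handshake
    closed   - the kernel answered with a reset (no listener, no filter needed)
    filtered - no reply before the timeout (packets dropped by a filter)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError as exc:
            # e.g. host/network unreachable, which a reject rule can also produce
            return "error: %s" % exc
        return "open"


def loopback_demo():
    """Probe a loopback port while a listener exists, then after it is gone.

    Constructed setup: the listener stands in for httpd. Once it is closed,
    nothing is bound to the port and no packet filter is involved, yet the
    second probe is still refused by the kernel.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        with_listener = probe("127.0.0.1", port)
    finally:
        listener.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(loopback_demo())
```

Run against your own host from another machine, a `filtered` result on a port you expected to be `closed` indicates a drop rule is in the path.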