On Wed, May 15, 2002 at 12:58:33PM +0200, Paulo Andre wrote:
> Could someone please explain rejecting/dropping port 113.
> I have been told that it will make connections slower.
> Could someone maybe help

Port 113 is for the ident service (also called "auth" in the /etc/services file). Dropping connections will sometimes cause a delay when ftp-ing to an FTP server that wants to check the connecting user by doing an ident check.

The server can continue when it can do the ident check (that is, ACCEPT ident checks), when it finds the port not bound (that is, REJECT ident), or when the connection times out (that is, DROP ident). The first may be undesirable for privacy/security reasons; the second is faster than the last, because a time-out can take up to 30 seconds or more.

So the common policy is to drop most stuff, but reject ident requests (tcp).

Cheers
Simon
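
Added example, not part of the original message: a small Python check of how TCP port 113 on a host you administer looks to a server doing an ident lookup, and how long each outcome costs the connection. The function name, the 5-second timeout and the loopback demo are assumptions made for illustration.

```python
import socket
import sys
import time

IDENT_PORT = 113  # "auth" in /etc/services


def classify_port(host, port=IDENT_PORT, timeout=5.0):
    """Connect once and return (verdict, seconds_waited).

    ACCEPT: the handshake completed, something answers on the port.
    REJECT: the connection was actively refused (port not bound, or a
            firewall REJECT rule), so the caller learns this at once.
    DROP:   no reply at all; the caller waits out its full timeout.
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "ACCEPT"
    except ConnectionRefusedError:
        verdict = "REJECT"
    except socket.timeout:
        verdict = "DROP"
    except OSError:
        verdict = "UNREACHABLE"  # other error, e.g. no route to host
    finally:
        sock.close()
    return verdict, time.monotonic() - start


if __name__ == "__main__":
    # Usage: python ident_check.py <host>   (defaults to the local machine)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    verdict, waited = classify_port(target)
    print(f"{target}:{IDENT_PORT} -> {verdict} after {waited:.2f}s")
    if verdict == "DROP":
        print("ident lookups against this host stall until the caller times out")
```

Run from a machine outside the firewall, a REJECT policy on port 113 returns within a round trip, while a DROP policy returns only after the full timeout.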
