On Thu, 6 Jun 2002, Antony Stone wrote:

> On Thursday 06 June 2002 5:56 pm, Tom Eastep wrote:
>
> > Some FTP sites use auth which can cause connection timeouts with that
> > ruleset. For safety, I recommend adding
> >
> >     iptables -A INPUT -p tcp --dport 113 -j REJECT
>
> Yes, good point.
>
> I'm thinking of a way to get IDENT requests classified as RELATED, so you can
> either do this without leaving port 113 visible by the RSTs it sends, or even
> get the IDENTs sent through to the original client for it to deal with....
>

Nod -- the whole identd/auth thing should just go away as it is based on
assumptions that haven't been true for years. Nevertheless, it seems to hang
on from sheer inertia and there's no current mechanism for dealing with it in
a stealthy way.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
