On Friday 17 December 2004 13:18, Derek Jennings wrote: > On Friday 17 December 2004 12:09, Kaj Haulrich wrote: > > When checking my ports at "Shields Up" (www.grc.com), my port > > 113 shows "blocked". I would prefer "stealthed". > > > > Now, I know that somewhere in /etc/shorewall/foo it should be > > possible to change "REJECT" to "DROP", but I can't locate the > > entry (policy ?) and - what's worse - can't figure out the > > syntax. I've tried webmin, but every attempt here ends up with > > my system unable to connect to anything. And, yes, I do a > > "service shorewall restart" after each attempt. > > > > 1. Does it matter having port 113 (IDENT) blocked ? > > 2. If eyes, how to do it ? > > > > TIA > > > > Kaj Haulrich. > > http://www.shorewall.net/FAQ.htm#faq4 > > derek
Thanks, Derek ! By editing /etc/shorewall/rules I managed to stealth port 113. The documentation in Shorewall states that it defaults to "REJECT" in order to make "auth" possible, but according to the documentation at grc this is an abandoned protocol only used by some old unix servers. We'll see if stealthing port 113 has any adverse effects.... Thanks again, Kaj Haulrich. -- *sent from a 100% Microsoft-free workstation* * http://haulrich.net * *Running Linux (Mandrake 10.1) - kernel 2.6.8*
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________