IRC is the only thing I can think of that might require you to be running
ident.
If you're not planning to IRC from your system, you can safely turn identd
off.
On Sat, 25 May 2002, Peter Kiem wrote:
> > Note that you should explicitly REJECT connections to port 113 from the
> > outside in or
> Note that you should explicitly REJECT connections to port 113 from the
> outside in order to avoid timeouts due to IDENT requests. For example,
when
> you try to send mail, some servers will send back an IDENT request on
> 113/tcp. If you DENY that, you'll sit there waiting for a minute while t
Thank you all for your suggestions. I will use them.
--- "Rodolfo J. Paiz" <[EMAIL PROTECTED]> wrote:
> At 5/15/2002 10:05 AM +1000, you wrote:
>
> >You're doing this backwards. What you want is:
> >
> > /sbin/ipchains -P input REJECT
> > /sbin/ipchains -P output REJECT
> >
At 5/15/2002 10:05 AM +1000, you wrote:
>You're doing this backwards. What you want is:
>
> /sbin/ipchains -P input REJECT
> /sbin/ipchains -P output REJECT
> /sbin/ipchains -P forward DENY
>
>and then a bunch of rules to ACCEPT _only_ what you expect.
>Much much safer.
G
On Wed, May 15, 2002 at 10:05:08AM +1000, Cameron Simpson wrote:
> On 16:28 14 May 2002, The Gyzmo <[EMAIL PROTECTED]> wrote:
> | #modify chains
> | /sbin/ipchains -P input ACCEPT
> | /sbin/ipchains -P output ACCEPT
> | /sbin/ipchains -P forward DENY
> |
> | #deny TCP connection attempts
> | /sbi
On 16:28 14 May 2002, The Gyzmo <[EMAIL PROTECTED]> wrote:
| #modify chains
| /sbin/ipchains -P input ACCEPT
| /sbin/ipchains -P output ACCEPT
| /sbin/ipchains -P forward DENY
|
| #deny TCP connection attempts
| /sbin/ipchains -A input -l -i ppp+ -p tcp -y -j DENY
You're doing this backwards. Wh
Hello all.
I got DSL about a month ago and with all the recent
threads about people being cracked, I'm starting to
get worried that my firewall might not be very good. I
have a RHL 7.2 machine which I will upgrade to 7.3 as
soon as I can find a server to download it from that's
fast enough. I'm u