Simon Huggins <[EMAIL PROTECTED]> writes:

> On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > My script, previously plugged, does this with connection tracking.
> >
> > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A block -m state --state INVALID -j DROP
>
> Indeed though some people may prefer REJECT rather than DROP to be polite
> to people identing them for instance (well and to speed up outbound
> connection attempts where the other end attempts ident).

That's why my script, previously plugged, proceeds to REJECT, with TCP-RST,
ident requests separately, further down. The above does not DROP identd,
unless you're sending me invalid packets, of course.

~Tim
-- 
11:30:18 up 45 days, 1:28, 13 users, load average: 0.11, 0.05, 0.01
[EMAIL PROTECTED] |You take your message to the waters,
http://piglet.is.dreaming.org |And you watch the ripples flow
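
The rule ordering discussed in the message above, as an added example that is not part of the original post or of the script it mentions. The chain name `block` and the two state rules come from the message; the port-113 REJECT rule, the final DROP, the hook into INPUT, and the helper names `ipt`, `build_block_chain` and `rule_position` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. By default it only prints the
# iptables commands (dry run); set APPLY=1 and run as root to apply them.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_block_chain() {
    ipt -N block
    # Replies to connections this host opened, plus related traffic
    # such as ICMP errors for those connections.
    ipt -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that conntrack cannot tie to any valid connection.
    ipt -A block -m state --state INVALID -j DROP
    # A fresh ident probe is a SYN in state NEW, so it matches neither
    # rule above; answer it with a TCP RST so the remote end does not
    # wait for a timeout. (Assumed form of the "further down" rule.)
    ipt -A block -p tcp --dport 113 -j REJECT --reject-with tcp-reset
    # Assumed default for everything else arriving unsolicited.
    ipt -A block -j DROP
    # Assumed hook: send inbound traffic through the chain.
    ipt -A INPUT -j block
}

# Print the 1-based position of the first generated command matching a
# pattern. Always uses dry-run output, so it never touches the firewall.
rule_position() {
    ( APPLY=0; build_block_chain ) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

build_block_chain
```

Because iptables evaluates a chain top to bottom and stops at the first terminating match, the ident REJECT only needs to sit above the final DROP; the INVALID rule never sees a well-formed new SYN to port 113.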