Date: Wed, 27 Feb 2002 12:58:36 +0100 From: Bart Matthaei <bart@dreamflow.nl> To: Baldur Gislason <baldur@foo.is> Cc: security@freebsd.org Subject: Re: best firewall option for FreeBSD Message-ID: <20020227125836.O62131@heresy.dreamflow.nl> In-Reply-To: <02022711522201.07860@germanium>; from baldur@foo.is on Wed, Feb 27, 2002 at 11:52:22AM %2B0000 References: <3C7CB173.5F5A9837@hict.nl> <20020227113456.L62131@heresy.dreamflow.nl> <02022711522201.07860@germanium>
next in thread | previous in thread | raw e-mail | index | archive | help
--STPqjqpCrtky8aYs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 27, 2002 at 11:52:22AM +0000, Baldur Gislason wrote: > It's never a good idea to silently deny incoming connections on port 113 = (RFC1413 ident) > as remote daemons you connect to often try establishing a connection to y= our host on that > port and you won't be served untill they've timed out on the ident connec= tion. These were just some example firewall rules, not a complete setup. Also, it's better to reset connections to 113 than to deny them (reset won't cause a timeout interval, but will just refuse the connection). But I see no obvious reason why you would want to disable ident. It's pretty trivial. Regards, Bart --=20 Bart Matthaei bart@dreamflow.nl=20 Kiss me twice. I'm schizophrenic. --STPqjqpCrtky8aYs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8fMnsgcc6pR+tCegRAo85AJ9cQVmjcwm7/xq98Cqlg/3GXAA7pACeIKZi bPQ0GWeIPNnAle6YIPpVJSU= =OVrH -----END PGP SIGNATURE----- --STPqjqpCrtky8aYs-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020227125836.O62131>