Date: Thu, 20 Feb 1997 13:40:26 -0500
From: Brian McGovern <bmcgover@cisco.com>
To: davidn@labs.usn.blaze.net.au
Cc: hackers@freebsd.org
Subject: Re: "connection refused"
Message-ID: <199702201840.NAA00331@bmcgover-pc.cisco.com>

I didn't see a reply to this, so I figured I'd toss this answer in the mix...

Wouldn't /sbin/ipfw, and the associated kernel options, do what you wish? Then you can build a set of source/destination hosts/networks/ports that will have access to the server socket in question.

Also, ipfw supports a connection refused vs. not bothering to respond. The latter is preferable if you really don't want someone to know the server is there, rather than knowing the server is there and refusing connections on that port (makes them more likely to go off to attack another machine rather than trying to come up with newer ways to find a way in to your firewalled machine).

-Brian
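
Added example, not part of the message above: a shell helper that emits an ipfw ruleset allowlisting sources for one TCP port, with the catch-all either dropping silently (`deny`) or answering with a TCP RST (`reset`, which the client sees as "connection refused"). The function name, port, rule numbers and networks are constructed for illustration, and the rule syntax follows current ipfw(8) rather than the 1997 release.

```sh
#!/bin/sh
# Added example: emit an ipfw rules file that allowlists sources for one TCP
# port. Port, rule numbers and networks below are constructed sample values.

# gen_rules MODE PORT FIRST_RULE_NUM NET...
#   MODE silent -> "deny":  packet is dropped, the client just times out
#   MODE refuse -> "reset": a TCP RST is sent, the client sees "connection refused"
gen_rules() {
    [ "$#" -ge 4 ] || { echo "usage: gen_rules MODE PORT NUM NET..." >&2; return 2; }
    mode=$1 port=$2 num=$3
    shift 3
    case $mode in
        silent) action=deny ;;
        refuse) action=reset ;;
        *) echo "gen_rules: MODE must be silent or refuse" >&2; return 2 ;;
    esac
    # Port and rule number must be plain decimal numbers.
    for n in "$port" "$num"; do
        case $n in
            ''|*[!0-9]*) echo "gen_rules: not a number: $n" >&2; return 2 ;;
        esac
    done
    # Validate every source before printing anything, so a bad entry can
    # never leave a half-written ruleset (allows without the catch-all).
    for net in "$@"; do
        case $net in
            ''|*[!0-9./]*) echo "gen_rules: bad IPv4 source: $net" >&2; return 2 ;;
        esac
    done
    for net in "$@"; do
        echo "add $num allow tcp from $net to me $port"
        num=$((num + 10))
    done
    # ipfw is first-match, so the catch-all must carry the highest number.
    echo "add $num $action tcp from any to me $port"
}

# Constructed sample: two allowed sources, everyone else silently dropped.
gen_rules silent 8080 1000 192.0.2.0/24 198.51.100.7
```

The output uses the rules-file form of ipfw(8): one command per line, without the leading `ipfw`.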