Re: best firewall option for FreeBSD
From: Bart Matthaei (bart@dreamflow.nl)
Date: 02/27/02
- Next message: m p: "Re: best firewall option for FreeBSD"
- Previous message: Baldur Gislason: "Re: best firewall option for FreeBSD"
- In reply to: Baldur Gislason: "Re: best firewall option for FreeBSD"
- Next in thread: m p: "Re: best firewall option for FreeBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Feb 2002 12:58:36 +0100 From: Bart Matthaei <bart@dreamflow.nl> To: Baldur Gislason <baldur@foo.is>
On Wed, Feb 27, 2002 at 11:52:22AM +0000, Baldur Gislason wrote:
> It's never a good idea to silently deny incoming connections on port 113 (RFC1413 ident)
> as remote daemons you connect to often try establishing a connection to your host on that
> port and you won't be served untill they've timed out on the ident connection.
These were just some example firewall rules, not a complete setup.
Also, it's better to reset connections to 113 than to deny them (reset
won't cause a timeout interval, but will just refuse the connection).
But I see no obvious reason why you would want to disable ident. It's
pretty trivial.
Regards,
Bart
-- Bart Matthaei bart@dreamflow.nl Kiss me twice. I'm schizophrenic.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: m p: "Re: best firewall option for FreeBSD"
- Previous message: Baldur Gislason: "Re: best firewall option for FreeBSD"
- In reply to: Baldur Gislason: "Re: best firewall option for FreeBSD"
- Next in thread: m p: "Re: best firewall option for FreeBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
