On Monday 26 January 2004 10:11 am, Brian Schmidt wrote:
> Another thing with iptables I have been thinking of letting my firewall
> do, is to give a proper reply to connections on closed ports, rather
> than just dropping the connection.

Iptables comes with a REJECT target, used like this:

iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable

This will give the RFC-compliant "closed port" response for TCP and UDP.

If it gives an error and suggests you need to insmod, then support for 
REJECT is not enabled in your kernel.

Adam
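A fuller INPUT chain built around those two REJECT lines, added here as an example (it is not part of the list message): return traffic and a chosen set of service ports are accepted first, so the catch-all REJECT rules only answer ports that really are closed. The port list is an assumption; the script prints the rules for review instead of applying them.

```shell
#!/bin/sh
# Added example. Assumes SSH (22) and HTTP (80) are the only TCP services
# to expose and no UDP services; change the lists to match your host.
ALLOWED_TCP="22 80"
ALLOWED_UDP=""

# Print the ruleset instead of running it; review it, then pipe it to
# `sh` as root to apply. Order matters: ACCEPT rules must precede the
# catch-all REJECT rules or the allowed ports get reset as well.
gen_rules() {
    allowed_tcp=$1
    allowed_udp=$2
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened, and related ICMP
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $allowed_tcp; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $allowed_udp; do
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Everything else gets the closed-port answer from the mail above.
    # If iptables reports the target is unknown, the kernel lacks REJECT:
    # load it (modprobe ipt_REJECT) or rebuild with it enabled.
    echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable"
}

gen_rules "$ALLOWED_TCP" "$ALLOWED_UDP"
```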

