On Tue, Sep 11, 2001 at 11:31:01AM +0100, Tim Haynes wrote:
> Simon Huggins <[EMAIL PROTECTED]> writes:
> > On Mon, Sep 10, 2001 at 05:24:15PM +0100, Tim Haynes wrote:
> > > My script, previously plugged, does this with connection tracking.
> > > iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > iptables -A block -m state --state INVALID -j DROP
> > Indeed though some people may prefer REJECT rather than DROP to be polite
> > to people identing them for instance (well and to speed up outbound
> > connection attempts where the other end attempts ident).
> That's why my script, previously plugged, proceeds to REJECT, with
> TCP-RST, ident requests separately, further down. The above does not
> DROP identd, unless you're sending me invalid packets, of course.

Indeed it does. Perhaps you should include a date in that file with revisions, since I downloaded a version on 12th June 2001 (date of the original post) which didn't contain the lines for ident.

(In case people have forgotten we are talking about: http://spodzone.org.uk/packages/secure/iptables.sh)

-- 
Simon Huggins \ "To infinity and beyond!" \ http://www.earth.li/~huggie/
htag.pl 0.0.19

