Hi All,

I've got portsentry and ipfw running on a firewall/gateway at home. One thing I like is that when you add a deny rule to ipfw, it blocks all packets. I wrote a little perl script that reads in the hosts.deny file and re-adds those IPs upon boot-up. There is probably another way to do this, but I didn't research it at the time.

The way I understand it, /etc/hosts.deny will deny those services listed in /etc/inetd.conf if the IP is listed in the deny file. This is why I wrote the perl script: to deny packets to anything from those IPs that port scanned me. hosts.deny doesn't cover some services (web - port 80, email - port 25) because those daemons are actively listening on those ports. (Correct me if I'm wrong.)

I'm curious whether, for a general web server or email server, it is wise to compile ipfw and firewall support into them, so that if someone portscans or tries some other attack, they will be blocked entirely and not just blocked from the inetd services.

Thanks,
Rob

---
If you're not part of the solution, you're part of the precipitate.
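A shell version of the boot-time script described above, added here as an example; it is not the poster's own perl script. It assumes TCP-wrappers-style `ALL: address` lines in hosts.deny and a free ipfw rule-number range starting at 1000.

```shell
#!/bin/sh
# Added example (not the poster's perl script): read a hosts.deny file,
# extract the IPv4 client addresses, and emit "ipfw add deny" rules so the
# block covers every packet, not only inetd-managed services.
# Assumptions: TCP-wrappers syntax such as "ALL: 192.0.2.10" or
# "ALL: 198.51.100.7, 203.0.113.5 : deny"; hostnames, ALL, PARANOID and
# comments are skipped, because ipfw needs literal addresses.

# Constructed sample so the script runs offline; in real use pass
# /etc/hosts.deny to ipfw_rules instead of this file.
SAMPLE="${TMPDIR:-/tmp}/hosts.deny.sample"
cat > "$SAMPLE" <<'EOF'
# constructed hosts.deny sample
ALL: 192.0.2.10
ALL: 198.51.100.7, 203.0.113.5 : deny
sshd: badhost.example.com
ALL: 192.0.2.10
EOF

# deny_ips FILE: print each unique IPv4 address from the client field.
# Pipeline: strip comments, take the second colon-separated field (the
# client list), split on commas, trim whitespace, keep dotted quads only,
# and collapse duplicates so an address listed twice gets one rule.
deny_ips() {
    sed -e 's/#.*//' "$1" |
    awk -F: 'NF >= 2 { print $2 }' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' |
    sort -u
}

# ipfw_rules FILE [FIRST]: one deny rule per address, numbered from FIRST
# upward so the whole set lives in a known range and can be flushed together.
ipfw_rules() {
    n="${2:-1000}"
    deny_ips "$1" | while read -r ip; do
        echo "ipfw add $n deny ip from $ip to any"
        n=$((n + 1))
    done
}

# Dry run: print the rules. At boot, as root: ipfw_rules /etc/hosts.deny | sh
ipfw_rules "$SAMPLE" 1000
```

Because the rules are printed rather than executed, you can review the generated set before piping it into sh from an rc script.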
