On Sat, Jan 31, 2004 at 07:32:36AM -0600, J.D. Bronson wrote:
> I have a question. I set up the following in sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> ..Well this works, but now I have a new issue.
> I run sendmail and as such, need to allow TCP 113 into this machine
> and yet get CONNECTION REFUSED. - I don't want to run IDENT, but
> need to still get the CONNECTION REFUSED...

Run ipfw(8) or a similar firewall and set up a rule that sends an ICMP reject whenever it detects an incoming connection on port 113 as part of your firewall configuration. E.g. something like:

    01600 reset tcp from any to me dst-port 113 setup

Cheers,
Matthew

Thanks...but I have quite a robust Cisco firewall in place ahead of the FreeBSD machines...so I don't -need- to run ipfw...Hmmm...

Actually since the Cisco is dropping any packets already, I wonder if 'blackhole' is simply a stupid idea in the first place...

-- J.D. Bronson - "LoneBandit" Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
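
Added example, not part of the original thread: a Python check, run from another host, that tells whether a port answers with a fast "connection refused" (what the ipfw reset rule gives for 113) or stays silent until the client times out (what blackhole=2 or a dropping firewall gives). The names probe_tcp and audit, the 192.0.2.10 placeholder address and the expectation that port 25 is open are assumptions made for the example.

```python
import socket


def probe_tcp(host, port, timeout=3.0):
    """Return how `host` answers a TCP connection attempt to `port`.

    "open"        handshake completed, something is listening
    "refused"     the stack reported connection refused (typically a RST
                  from a closed port or from a firewall `reset` rule)
    "silent"      nothing came back before `timeout` (blackholed or dropped)
    "unreachable" any other network error (no route, host unreachable, ...)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "silent"
    except OSError:
        return "unreachable"
    finally:
        sock.close()


def audit(host, expected, timeout=3.0):
    """Compare observed port behaviour with `expected` ({port: state}).

    Returns a list of (port, wanted, observed) tuples, one per mismatch.
    """
    mismatches = []
    for port, wanted in sorted(expected.items()):
        observed = probe_tcp(host, port, timeout)
        if observed != wanted:
            mismatches.append((port, wanted, observed))
    return mismatches


if __name__ == "__main__":
    # Constructed placeholder address (TEST-NET-1); use your own mail host.
    HOST = "192.0.2.10"
    # Assumed policy: SMTP reachable, ident (113) refused rather than silent.
    POLICY = {25: "open", 113: "refused"}
    for port, wanted, observed in audit(HOST, POLICY):
        print(f"port {port}: wanted {wanted}, observed {observed}")
```

A "silent" result on 113 is the case from the question: remote mail servers that issue ident lookups wait for their own timeout before continuing.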
