RE: [SLUG] IPCHAINS problem.

Thu, 21 Sep 2000 17:27:44 -0700 

Yes, but if you want to provide service you do not use REJECT or DENY. You
use ACCEPT. You can't provide services and DENY connection to it. Surely I
misunderstand you there.

Also Bigpond for example only needs ports 5050 and 5055 open for their
"heart beat".

And surely Telstra will not object against you protecting yourself against
unauthorized access, will they?


In regards to pinging a machine you do not necessarily want to allow this
either. Why would anyone want to do that anyway. Only reason would be to
see, if it is there. Again handy for debugging, but otherwise?

Bernhard L�der
ICQ 26070583


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> John Ferlito
> Sent: Friday, September 22, 2000 11:06 AM
> To: Bernhard L?der
> Cc: 'George Vieira'; 'Sydney Linux Users Group in Sydney (E-mail)'
> Subject: Re: [SLUG] IPCHAINS problem.
>
>
> On Fri, Sep 22, 2000 at 10:39:58AM +1100, Bernhard L?der wrote:
> > I would also not use REJECT, but rather DENY. The
> difference is, that with
> > DENY the request packets from the source are dropped
> without response.
> > REJECT sends back an ICMP packet to the source saying
> "You're not allowed
> > here". You would not want to "tell" anyone (maybe except
> for debugging),
> > that you do not accept connections at the port of 23 (or
> any port for this
> > matter).
>
>       That depends. If I know that you're machine is up ie I
> can ping it and I telnet
> to port 23 then I know you are runing a firewall. Which might
> be fair enough. But with REJECT
> I can't tell the difference. Maybe you're running a firewall
> or maybe you just aren't running a server
> on that port.
>
>       makes a big difference if say you're putting the
> firewall up to make it look to telstra and optus cable
> that you're not running services. In this case you dfinetly
> want REJECT.
>
> --
> John
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug



--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug

Reply via email to