Mailinglist Archive: opensuse-security (556 mails)
| < Previous | Next > |
Re: [suse-security] Block IP in firewall
- From: maf king <maf@xxxxxxxxxxxxxx>
- Date: Thu, 6 Sep 2001 18:17:33 +0100
- Message-id: <20010906181733.I6140@carrie>
Hi Dog,
On 2001.09.06 18:06:23 +0100 dog@xxxxxxxxx wrote:
> you can use a REJECT instead of DENY for the ipchains rule and your
> machine will not appear to even be online. if you use the deny rule,
> they
> can still tell what ports you have open, but cannot connect to them.
>
Its the other way round:
from man 8 ipchains :
ACCEPT means to let the packet through. DENY means to
drop the packet on the floor. REJECT means the same as
drop, but is more polite and easier to debug, since an
ICMP message is sent back to the sender indicating that
the packet was dropped. (Note that DENY and REJECT are
the same for ICMP packets).
Maf,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On 2001.09.06 18:06:23 +0100 dog@xxxxxxxxx wrote:
> you can use a REJECT instead of DENY for the ipchains rule and your
> machine will not appear to even be online. if you use the deny rule,
> they
> can still tell what ports you have open, but cannot connect to them.
>
Its the other way round:
from man 8 ipchains :
ACCEPT means to let the packet through. DENY means to
drop the packet on the floor. REJECT means the same as
drop, but is more polite and easier to debug, since an
ICMP message is sent back to the sender indicating that
the packet was dropped. (Note that DENY and REJECT are
the same for ICMP packets).
Maf,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| < Previous | Next > |