today I looked through my firewall2 configs and changed some rules.
Using a service from outside I tried a quickscan: http://scan.sygatetech.com/quickscan.html
It says that IDENT Port:113 is still open.
*oops ...
I found another port scanner service at grc.com and repeated the test https://grc.com/x/ne.dll?bh0bkyd2
Result:
"113 Ident Closed - Your computer has responded that this port exists but is currently closed to connections."
How much sense does it make to try to hide my computer by dropping, for example, ICMP packets, when there is still a port open which I cannot block myself?
You have to choose your poison - coming up next
- Really? Is it that I really cannot block this port with iptables, or is it just a SuSE feature? ;-)
You can block this completely. If the default policy DROPs all packets, it is enough to uncomment the relevant rules. BUT - if you then e.g. try to pop mail from an external POP host, you'll need a lot more time until new mail arrives, caused by the ignored (and not blocked) ident call of that POP server :O) As I said - choose your poison.

Oops, one more idea. You can handle the ident port for your external POP servers alone with the -s IP.OF.POP.SERVER option instead of uncommenting rules, and drop all other connections coming to the ident port through the default policy.

Nice weekend,
Michael Appeldorn
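The per-source handling Michael describes, written out as an added example (not from the thread or from SuSEfirewall2): the known POP server gets an immediate TCP reset on port 113 so its ident lookup fails fast instead of timing out, while every other ident probe is dropped. The POP server address is a placeholder, and the REJECT-with-reset is this example's choice for "handling" the mail host (a DROP for it would bring the mail delay back).

```shell
#!/bin/sh
# Added example, not the original poster's or SuSEfirewall2's rules.
# Goal: keep ident/113 stealthed for the world, but answer the one host whose
# ident lookups would otherwise stall our POP sessions until its timeout expires.

POP_SERVER="${POP_SERVER:-192.0.2.10}"   # placeholder: replace with your real POP host
IPT="${IPT:-echo}"                       # preview mode by default; run with IPT=iptables to apply

# ident_rules <pop-server-ip>
# Emits (or applies, depending on $IPT) two INPUT rules for tcp/113:
#   1. REJECT with tcp-reset for the POP server, so its ident client gets a
#      "closed" answer at once and mail retrieval proceeds without delay.
#   2. DROP for everyone else, which is what a default DROP policy would do
#      anyway; stated explicitly so the intent survives a policy change.
ident_rules() {
    pop="$1"
    "$IPT" -A INPUT -p tcp -s "$pop" --dport 113 -j REJECT --reject-with tcp-reset
    "$IPT" -A INPUT -p tcp --dport 113 -j DROP
}

# Order matters: the specific -s rule must come before the catch-all DROP.
ident_rules "$POP_SERVER"
```

With IPT=echo the script only prints the two rules; check them, then re-run with IPT=iptables as root to install them ahead of any broader ident rule already in the chain.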