Mailinglist Archive: opensuse-security (487 mails)
Re: [suse-security] identd
- From: Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 31 Oct 2002 00:32:42 +0200
- Message-id: <20021030223242.GC26538@xxxxxxxxxxxx>
* fin; <fbissett@xxxxxxxxxxxxxxxx> on 30 Oct, 2002 wrote:
> Could someone tell me how to switch off identd in 8.1?
> I tested my firewall at www.grc.com and all of my ports are in stealth mode except identd, which is closed but still visible. As it is a potential source of information and only used for irc, which I don't need, I'd like to get rid of it.
You need it also for mail sending. Here is the code from SuSEfirewall2-3.1:
# If port 113 (auth/identd) will not allowed below, outgoing mail would
# be delayed most of the time. Hence we put a hardcoded reject line
# in.
$IPTABLES -I input_ext 1 -j "$REJECT" -p tcp --dport 113 --syn 2> /dev/null
If you are using the older version, 2.1, then:
# If port 113 (auth/identd) was not allowed above, outgoing mail would
# be delayed most of the time. Hence we put a hardcoded reject line in.
for CHAIN in input_ext input_dmz input_int; do
    $LDA $IPTABLES -A $CHAIN -j LOG ${LOG}"-REJECT " -p tcp --dport 113 --syn
    $IPTABLES -A $CHAIN -j "$REJECT" -p tcp --dport 113 --syn --reject-with tcp-reset 2> /dev/null
done
So that means you are rejecting requests to port 113, and you are safe as
far as port 113 goes. For more detail about SuSEfirewall2, have a look at
http://dinamizm.ath.cx/articles/firewall2.pdf if you haven't yet.
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
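
Added example, not part of the original message or of SuSEfirewall2: a small Python check for a host you administer that shows the difference the thread is about. A port answered with a TCP reset fails at once ("closed"), while a silently dropped one ("stealth") makes the caller wait for its own timeout, which is the mail delay the SuSEfirewall2 comment refers to. The function names, the 5 second timeout and the default host are assumptions.

```python
import socket
import sys
import time


def probe_tcp(host, port, timeout=5.0):
    """Attempt one TCP connect; return (state, seconds_until_answer)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        state = "closed"      # RST came back, e.g. REJECT --reject-with tcp-reset
    except socket.timeout:
        state = "filtered"    # nothing came back: packet dropped ("stealth")
    except OSError:
        state = "error"       # e.g. no route to host
    finally:
        sock.close()
    return state, time.monotonic() - start


def ident_impact(state):
    """What a remote server's ident (port 113) lookup experiences in each state."""
    return {
        "open": "identd answers the lookup",
        "closed": "lookup fails immediately, no delay",
        "filtered": "lookup hangs until the remote side times out",
    }.get(state, "lookup could not be attempted")


if __name__ == "__main__":
    # Assumed usage: python3 probe113.py <address of a host you administer>
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, secs = probe_tcp(host, 113)
    print(f"{host}:113 is {state} after {secs:.2f}s: {ident_impact(state)}")
```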