Steven Thompson wrote:
Hi, I have a lot of mail servers trying to connect to my identd port (113) when sending mail to me.

> The problem comes about because the firewall silently drops the SYN packet. The e-mail server is expecting an immediate SYN-ACK (identd supported) or RST (identd not supported), but when the firewall drops the packet it keeps trying until the connection times out.
> http://www.robertgraham.com/pubs/firewall-seen.html#slow-email

How do you reconfigure the firewall to RST all those connections from the incoming SMTP requests on the identd port (113) using "ipchains"?
Thanks in advance
Steven
Hi,

Maybe you could try to reject the connection requests rather than denying them:

    ipchains -A input -i $EXTERNAL_INTERFACE -p TCP \
             -s $ANYWHERE -d $MY_IPADDRS 113 -j REJECT

".. you need to reject the connection request to avoid waiting for the TCP connection timeout. This is the only case when an incoming packet is rejected rather than denied ...." Robert Ziegler, "Linux Firewalls", New Riders 2000.

Cheers - Les Catterall
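A small check to confirm the fix from the outside, added here and not part of either message: it connects to port 113 the way a sending mail server does and reports whether the firewall answered with a RST (immediate refusal, the behaviour REJECT gives) or silently dropped the SYN (the connect only ends when the probe's own timeout expires). The host and port arguments are assumed; nothing else is taken from the thread.

```python
"""Probe TCP port 113 (ident) like a sending mail server would and classify
the answer: a quick RST (ECONNREFUSED) means "no identd, carry on", while a
silent drop (timeout) is the slow-mail symptom discussed in the thread."""
import socket
import time

IDENT_PORT = 113


def classify(exc):
    """Map the exception raised by connect() to the firewall behaviour it implies."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "dropped"      # SYN discarded (DENY): sender waits for its own timeout
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST came back (REJECT): sender gives up at once
    return "unreachable"      # ICMP unreachable or a local routing error


def probe(host, port=IDENT_PORT, timeout=3.0):
    """One TCP connect attempt; returns (verdict, seconds_elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            verdict = "open"  # something (an identd) actually accepted the connection
    except OSError as exc:
        verdict = classify(exc)
    return verdict, time.monotonic() - start


def unused_local_port():
    """Pick a loopback port with no listener (constructed input for a self-test)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    import sys
    # Usage: python probe_ident.py <host> [port]; defaults to a closed loopback port.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else unused_local_port()
    verdict, secs = probe(host, port)
    print(f"{host}:{port} -> {verdict} after {secs:.2f}s")
```

Run it from a host outside the firewall against your mail server's address: "refused" within a fraction of a second is what you want, "dropped" after the full timeout means the rule is still denying rather than rejecting.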