Hi Dog, On 2001.09.06 18:06:23 +0100 dog@intop.net wrote:
you can use a REJECT instead of DENY for the ipchains rule and your machine will not appear to even be online. if you use the deny rule, they can still tell what ports you have open, but cannot connect to them.
Its the other way round: from man 8 ipchains : ACCEPT means to let the packet through. DENY means to drop the packet on the floor. REJECT means the same as drop, but is more polite and easier to debug, since an ICMP message is sent back to the sender indicating that the packet was dropped. (Note that DENY and REJECT are the same for ICMP packets). Maf, -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Maf. King Standby Exhibition Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "It is easier to do a job right than to explain why you didn't." - Martin Van Buren ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~