> From: Donncha O Caoimh [mailto:donncha.ocaoimh at tradesignals.com]
> Yup, it's a lot more than just a static firewall.
> If you use the "atcp" option it listens in on a selected number of ports
> (widely dispersed and you can change them yourself) and if anyone
> connects to them their IP address is effectively blocked from your
> machine. You can't get to them, and they can't get to you! Of course, if
> a service is running on one of the ports it's ignored.
I seem to remember reading about implementing this using ipchains and a
script tailing the packet log. Prolly less hassle to just install
PortSentry.
> Portsentry is smart enough to handle different protocols
> (http/ftp/telnet etc..) and works very well here in work and at home.
Er, "handle" how?
> Oh yeah, don't block ident. FTP servers, Exchange and IIS send ident
> requests back to you and might not allow access if it's blocked.
Well, the only thing I have found that blocks access when I have ident set
to DENY is a certain IRC server, which I don't use much anymore. I don't
see why ANY server should need to know my local username.
Paul.
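
The ipchains-plus-log-tailing approach mentioned in the reply, shown as an added example that is not part of the original thread and is not PortSentry's code. It reads ipchains `-l` log lines, picks out sources that sent a TCP SYN to a trap port, skips trap ports that carry a real service, and renders the DENY rules; the port lists, addresses, function names and log lines are constructed for illustration.

```python
import re

# Constructed sample lines in the format ipchains writes for rules with -l.
SAMPLE_LOG = """\
Aug 12 10:01:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:40112 192.0.2.10:1524 L=60 S=0x00 I=4211 F=0x4000 T=52 SYN (#4)
Aug 12 10:01:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:40113 192.0.2.10:31337 L=60 S=0x00 I=4212 F=0x4000 T=52 SYN (#4)
Aug 12 10:02:10 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.23:3301 192.0.2.10:80 L=60 S=0x00 I=77 F=0x4000 T=48 SYN (#2)
Aug 12 10:03:44 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.99:1026 192.0.2.10:1524 L=34 S=0x00 I=18 F=0x0000 T=50 (#5)
Aug 12 10:04:00 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.1:1030 192.0.2.10:1524 L=60 S=0x00 I=9 F=0x4000 T=64 SYN (#4)
Aug 12 10:05:12 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.44:5150 192.0.2.10:12345 L=60 S=0x00 I=310 F=0x4000 T=51 SYN (#4)
""".splitlines()

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

def decide_blocks(lines, trap_ports, served_ports=(), never_block=()):
    """Return source addresses that sent a TCP SYN to a trap port, in order seen."""
    # A trap port that has a real service on it is ignored, as the thread describes.
    active = set(trap_ports) - set(served_ports)
    blocked = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["chain"] != "input":
            continue
        # TCP only (PROTO=6), and only connection attempts (SYN flag logged).
        if m["proto"] != "6" or " SYN " not in line:
            continue
        src, dport = m["src"], int(m["dport"])
        # never_block keeps addresses such as the local gateway from being locked out.
        if dport in active and src not in never_block and src not in blocked:
            blocked.append(src)
    return blocked

def ipchains_rules(addrs):
    """Render one DENY rule per address, inserted at the top of the input chain."""
    return [f"ipchains -I input 1 -s {a} -j DENY" for a in addrs]

if __name__ == "__main__":
    hits = decide_blocks(SAMPLE_LOG, trap_ports={80, 1524, 12345, 31337},
                         served_ports={80}, never_block={"192.0.2.1"})
    print("\n".join(ipchains_rules(hits)))
```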