List Archive: gentoo-security
Mickey Mullin wrote:
> If by "firewall," you mean an application(Process ID?)-specific
> Internet security tool, then you may well have identified an as-yet
> unfulfilled need. If you only mean to imply greater security in that
> connection attempts to closed ports appear invisible, then iptables
> already does that.
>
> In "closing" ports, one has the option - nay one is recommended - to
> use the "DROP" target which has the desired effect of which you speak.
> (Unwanted packets are simply and silently dropped upon the proverbial
> floor.) There are, of course, cases where using, say, "REJECT" may be
> preferred - most notably if one is using one's Linux box to do some
> true grit routing (as when using multiple Internet service
> providers). In those cases, if a neighboring router is trying to
> pass packets *through* one's area, one wants to let one's neighbor
> know as soon as possible that it should look elsewhere.
>
> dreamwolf
It is probably a very good idea to actually REJECT ident (113/tcp) lookups
rather than drop them. It is very common to have reverse ident lookups due
to your activity, and a DROP will cause a delay that is not needed. This
particular item is normal and not a security concern in and of itself. As a
matter of fact, it is so common, it is good to not even log it.
Tom Veldhouse
--
gentoo-security@g.o mailing list
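The combination both posters describe, as an added example that is not taken from either message: a default-DROP INPUT chain that answers ident (113/tcp) with a TCP reset, placed ahead of the LOG rule so the lookup fails immediately and never appears in the logs. The rate limit on logging and the use of `conntrack` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): DROP by default, but REJECT
# ident (113/tcp) with a TCP RST so a remote identd client gives up at once
# instead of waiting for a connection timeout.
IPT=${IPT:-iptables}

# Emit the rules in the order they must be appended. Ordering matters:
# the ident REJECT has to precede the LOG rule, otherwise every reverse
# lookup triggered by an outbound connection (IRC, SMTP, FTP) gets logged
# and then falls through to the chain policy's silent DROP.
ident_rules() {
  cat <<EOF
$IPT -P INPUT DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
EOF
}

# Sanity check on the generated rule order: returns 0 when the ident
# REJECT line comes before the LOG line, 1 otherwise.
ident_before_log() {
  rules=$(ident_rules)
  rej=$(printf '%s\n' "$rules" | grep -n -- '--dport 113 -j REJECT' | cut -d: -f1)
  log=$(printf '%s\n' "$rules" | grep -n -- '-j LOG' | cut -d: -f1)
  [ -n "$rej" ] && [ -n "$log" ] && [ "$rej" -lt "$log" ]
}

# Load the rules into the kernel (needs root); kept separate so the
# script can be inspected with no side effects.
apply_rules() {
  ident_rules | sh -e
}

# Stand-alone: print the rules for review rather than applying them.
ident_rules
```

Run `apply_rules` as root to install the rules; `tcp-reset` is used rather than the default ICMP port-unreachable because a RST is exactly what a genuinely closed TCP port returns.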