tcp blackhole and ident

Matthew Seaman m.seaman at infracaninophile.co.uk
Sat Jan 31 05:39:31 PST 2004


On Sat, Jan 31, 2004 at 07:32:36AM -0600, J.D. Bronson wrote:
> I have a question. I set up the following in sysctl.conf:
> 
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
> 
> ..Well this works, but now I have a new issue.
> I run sendmail and as such, need to allow TCP 113 into this machine
> and yet get CONNECTION REFUSED. - I don't want to run IDENT, but
> need to still get the CONNECTION REFUSED...

Run ipfw(8) or a similar firewall and set up a rule that sends an ICMP
reject whenever it detects an incoming connection on port 113 as part
of your firewall configuration.  E.g. something like:

    01600 reset tcp from any to me dst-port 113 setup

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
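An added example, not from the thread above or from FreeBSD's own code, that wraps the suggested rule in a small script. It assumes a FreeBSD host with ipfw(8) loaded and keeps rule number 1600 from the reply; the sample "ipfw list" output it checks is constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example (not from the original thread). Applies the blackhole
# sysctls and the ident reset rule, and checks that the rule is ordered
# so that it can actually fire. Assumes FreeBSD with ipfw(8) loaded.

IDENT_RULE_NUM=1600   # rule number taken from the reply above

# The rule from the reply: answer each new ident (TCP 113) connection
# attempt with a TCP RST, so remote mailers see "connection refused" at
# once even though net.inet.tcp.blackhole=2 keeps the stack itself silent.
ident_reset_rule() {
    printf 'add %s reset tcp from any to me dst-port 113 setup\n' "$IDENT_RULE_NUM"
}

# ipfw evaluates rules in number order, so the reset rule must precede any
# deny rule that could also match the SYN; otherwise the deny wins and the
# remote mailer waits for its ident timeout instead. Takes "ipfw list"
# output as $1; returns 0 when the ordering is right, 1 otherwise.
check_ident_ordering() {
    listing="$1"
    reset_num=$(printf '%s\n' "$listing" \
        | awk '$2=="reset" && /to me/ && / (dst-port )?113( |$)/ {print $1+0; exit}')
    [ -n "$reset_num" ] || return 1
    # Conservative: any earlier "deny ip|tcp from ..." rule counts as a possible match.
    first_deny=$(printf '%s\n' "$listing" \
        | awk '$2=="deny" && / (ip|tcp) from / {print $1+0; exit}')
    [ -z "$first_deny" ] && return 0
    [ "$reset_num" -lt "$first_deny" ]
}

# Apply the sysctls and the rule, then verify against the live ruleset.
apply_ident_reset() {
    sysctl net.inet.tcp.blackhole=2
    sysctl net.inet.udp.blackhole=1
    ipfw -q $(ident_reset_rule)
    check_ident_ordering "$(ipfw list)" \
        || echo "warning: a deny rule precedes rule $IDENT_RULE_NUM; ident SYNs are dropped, not reset" >&2
}

# Constructed sample listing (not from a real host) to exercise the check offline.
SAMPLE_LISTING='00100 allow ip from any to any via lo0
01600 reset tcp from any to me dst-port 113 setup
65000 deny ip from any to any'

case "${1:-}" in
    apply) apply_ident_reset ;;
    *) check_ident_ordering "$SAMPLE_LISTING" && echo "ident reset rule is ordered correctly" ;;
esac
```

Run it as `sh script.sh apply` on the FreeBSD host to apply the settings; without arguments it only checks the constructed sample.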