[KLUG Members] iptables

Bruce Smith members@kalamazoolinux.org
30 Jul 2002 10:31:14 -0400

Previous message: [KLUG Members] iptables
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I have a couple of questions regarding iptables,
> first, when I use 'iptables -L' to list the current config, a line of 
> the config apears one every two or three seconds, so the whole config 
> takes some time to show. I can't find out any reason for this behaviour.

Probably a resolver delay.  Try adding a "-n" to display only numbers.

  iptables -L -n

> second, I want  to close the ident port (113) for all incomming 
> connections except for thoose there is already a connection open. Some 
> mail servers appear to need a open ident port before accepting email, or 
> at least need significant more time to accept email. How can I make 
> netfiler to accept incomming requests to this port when there is already 
> an active (smtp) connection?

I don't know how (or if) that can be done, but you can eliminate the
delay by sending port 113 to the REJECT target/rule instead of DROP.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------

Previous message: [KLUG Members] iptables
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]