[Firehol-support] Re: Masking port number 113?

Daniel Pittman daniel at rimspace.net
Tue Aug 10 02:01:30 BST 2004

On 10 Aug 2004, gregy wrote:
> Hi, I just got firehol-1.191 working with my installation of Gentoo Linux.
> Had to run /sbin/iptables-save and add the connection tracking and NAT
> kernel modules before it would start. Works like a charm except for
> port 113 being visible, and I don't know if that's a problem or not --
> it's just a desktop PC not a server.

My guess is that the 'IRC' module allows access to this, since IRC
servers are the only things silly enough to bother with the ident
protocol on the Internet these days.

Worse, many of them still refuse access if your system does *not*
respond to ident, apparently.

A quick google suggested this was so, but no hard evidence, only other
people saying it was so.

> How difficult would it be to mask port number 113 and what would that
> require in firehol.conf? Currently all I have is "interface any world
> client all accept".

Put before the 'client all accept' line 'server ident reject'.

> This was an unimaginably simple setup of a Linux firewall. Just a
> breeze :)

I am very fond of Firehol as well. So far, much better than any

