Date: Sat, 31 Jan 2004 13:39:24 +0000
From: Matthew Seaman
To: "J.D. Bronson"
Cc: freebsd-questions@freebsd.org
Subject: Re: tcp blackhole and ident

On Sat, Jan 31, 2004 at 07:32:36AM -0600, J.D. Bronson wrote:
> I have a question. I set up the following in sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> ..Well this works, but now I have a new issue.
> I run sendmail and as such, need to allow TCP 113 into this machine
> and yet get CONNECTION REFUSED. - I don't want to run IDENT, but
> need to still get the CONNECTION REFUSED...

Run ipfw(8) or a similar firewall and set up a rule that sends an ICMP
reject whenever it detects an incoming connection on port 113 as part
of your firewall configuration.  Eg. something like:

    01600 reset tcp from any to me dst-port 113 setup

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
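
Added example, not part of the original message: a Python check, run from a second machine against your own host, that confirms the behaviour discussed in the thread, namely that port 113 answers with a reset ("connection refused") while other closed ports stay silent under net.inet.tcp.blackhole=2. The function names, the command-line target and the use of port 9 as an unused port are assumptions.

```python
import errno
import socket
import sys


def classify_port(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'silent' or 'unreachable'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "refused"      # RST received: the peer's ident lookup fails fast
        except socket.timeout:
            return "silent"       # SYN dropped: blackhole or deny rule, peer must wait
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"  # ICMP unreachable or no route
            raise
        return "open"


def audit(host, ports, expected, default="silent", timeout=3.0):
    """Compare each port's behaviour with policy; returns (port, got, want, ok)."""
    findings = []
    for port in ports:
        got = classify_port(host, port, timeout)
        want = expected.get(port, default)
        findings.append((port, got, want, got == want))
    return findings


if __name__ == "__main__":
    # Assumed target: your own mail host, given on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # Policy from the thread: ident (113) is refused; port 9 is an assumed
    # unused port that should stay silent with net.inet.tcp.blackhole=2.
    for port, got, want, ok in audit(host, [113, 9], {113: "refused"}):
        print(f"{host}:{port} got={got} want={want} {'OK' if ok else 'MISMATCH'}")
```

A "silent" result on port 113 means remote mail servers doing ident lookups will wait for their own timeout before proceeding, which is the delay the reset rule is meant to remove.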