[Fedora] Re: iptables: drop or reject?
Ashley M. Kirchner
ashley at pcraft.com
Fri Oct 26 15:30:11 UTC 2007
Bruno Wolff III wrote:
> Dropping packets from the ident port can potentially cause problems. Sometimes
> servers will check back there to get a user id (this goes back to when people
> mostly shared computers, it is pretty pointless today) and if you drop packets
> things may stall until the connection times out rather than giving up
> immediately after being told ident isn't available.
>
One of the first things that I always shut off, since the days of
RH5, was the ident daemon and later on the port itself. I don't care to
use it, I've never had problems not running it and I don't see any
reason why I should either. I don't think this would be a problem
either, but then maybe you'll prove me wrong.
--
W | It's not a bug - it's an undocumented feature.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
More information about the users
mailing list