[Shorewall-devel] Re: [Shorewall-users] ports 'closed', not 'blocked'???

Paul Gear paulgear@bigfoot.com
Tue, 30 Apr 2002 20:27:44 +1000


Tom Eastep wrote:

> ...
> The default Shorewall
> rules file in the samples REJECTS port 113 and I recommend that you leave
> it that way to avoid problems connecting to some services. The common.def
> file rejects port 135.

Tom,

I think it would be worth documenting (somewhere) the reason that these
services are rejected rather than dropped.  These automated scanners
routinely tell people that they should be dropping, not rejecting, so it
would be nice to provide them with a reason.

Paul
http://paulgear.webhop.net