Bad confusion about what to do with auth.
Anders Peter Fugmann
email hidden
Wed Feb 22 21:42:04 CET 2006
To reply to you original posting, the line:
'REPLY_AUTH="EXT tcp-reset tcp auth 0.0.0.0/0=>0.0.0.0/0"'
should reject all incomming connection attempts to the ident daemon
(which is what you want).
There is no need for any INPUT, FORWARD or OUTPUT rules.
But dueto the bug as described in the previous mail, this does not work
as expected, unless you remove the mentioned line in sanity_check.sh.
Seeing the FIAIF_SCAN logged packets is a symptom of the bug.
Regards
Anders Fugmann
More information about the fiaif
mailing list