From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark Frey Subject: Re: How to ignore incoming packets Date: Wed, 27 Aug 2003 17:36:11 -0400 Sender: linux-diald-owner@vger.kernel.org Message-ID: <3F4D244B.1030109@sympatico.ca> References: <3F4CBDEC.6F623298@f3g.de> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <3F4CBDEC.6F623298@f3g.de> List-Id: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Sudheimer Cc: linux-diald@vger.kernel.org Hi Joachim, As far as I know, you can only do this if you have a static IP address. Then you can filter based on your fixed ip.daddr : ignore tcp ip.daddr=,tcp.dest=tcp.telnet I'd also like to know of any way to accomplish this with a dynamic address! Mark. Sudheimer wrote: > Hi everyone, > > I would like diald to ignore any incoming connection attempts. > > For example if I get incoming packages to my tcp port 23 (telnet), they > fit the default rule of diald and keep up the line for 2 minutes (keepup > tcp 120 any). I do not have telnetd running on this port and have also > an ipchains packet denying these packets. > > Nevertheless these packages match the final catch-all rule of diald and > keep up the line for 2 minutes (keepup tcp 120 any). > > On the other hand, I do not want to define a rule like "ignore telnet > packets" because this would also match my own telnet-sessions to remote > telnet servers. > > If it were possible for diald to distinguish between incoming and > outgoing packets one could say somthing like "ignore incoming tcp SYN > packets". Is there something like that? > > > Joachim > - > To unsubscribe from this list: send the line "unsubscribe linux-diald" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >