#!/bin/bash
#Copyright 2004 William Stearns <wstearns@pobox.com>
#Released under the GPL
#Automatically generated by Modwall, http://www.stearns.org/modwall/

#==== Brick specific help ====
#	If a firewall drops Ident (tcp port 113) traffic without sending
#back a reset, this results in email, rlogin and irc connections that
#take two minutes to get going.  _If_ you plan to disallow ident traffic,
#common firewall wisdom says to reject it with a reset instead of
#dropping it; this identreject module does that.
#	_Do_ _not_ use this module if you need to allow ident traffic
#across your firewall.

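# Build the identreject chain and route tcp/113 traffic from INPUT, FORWARD
# and OUTPUT through it, answering with a TCP reset instead of a silent drop.
# Safe to re-run: an existing chain is flushed, and a jump rule is appended
# only when an identical one is not already present.
#
# NOTE(review): the jump rules are appended (-A), so an earlier rule in
# INPUT/FORWARD/OUTPUT that already accepts or drops port 113 takes
# precedence; check the resulting order with `iptables -S` after loading.
# NOTE(review): iptables handles IPv4 only; ident over IPv6 is not touched
# by this script and would need equivalent ip6tables rules.

ipt=(/usr/bin/sudo /sbin/iptables)

# Append a rule unless the same rule is already in place.
# Arguments: chain name followed by the rule specification.
# -C (check) is missing from old iptables releases; there it fails and the
# rule is simply appended, which is what the script did before.
add_jump() {
  "${ipt[@]}" -C "$@" 2>/dev/null || "${ipt[@]}" -A "$@"
}

# -N fails when the chain already exists; flush it in that case so the REJECT
# rule below is not stacked a second time.  stderr is hidden for this probe
# only; a real failure (no privileges, no iptables) resurfaces on the flush.
if ! "${ipt[@]}" -N identreject 2>/dev/null; then
  "${ipt[@]}" -F identreject || {
    printf '%s\n' "identreject: cannot create or flush chain, no rules added" >&2
    exit 1
  }
fi

"${ipt[@]}" -A identreject -p tcp --dport 113 -j REJECT --reject-with tcp-reset

# Loopback is exempt on INPUT.  "! -i lo" is the current spelling of the
# deprecated "-i ! lo" form and matches the same packets.
# NOTE(review): OUTPUT carries no "! -o lo", so connections from this host to
# its own port 113 are still reset on the way out -- confirm that is intended.
add_jump INPUT ! -i lo -p tcp --dport 113 -j identreject
add_jump FORWARD -p tcp --dport 113 -j identreject
add_jump OUTPUT -p tcp --dport 113 -j identreject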