 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] port triggering
 Date:  Thu, 4 Aug 2005 21:19:33 -0400
On 8/4/05, Dave Warren <maillist at devilsplayground dot net> wrote:
> Chris Buechler wrote:
> >yeah, I don't see something of that nature getting added to m0n0wall.
> >
> >What the last poster suggested, when something hits a certain port,
> >open up something based on some rules you've predefined, is more sane.
> > I don't see that happening either though because of the way it'd have
> >to be hacked in to work.  Basically it'd be an ugly mess, for
> >something that practically nobody wants or needs.
> >
> >
> The big advantage of port triggering is that it can work for things like
> IRC which require IDENTD and other services that need to be dynamically
> assigned.
> As you say though, the implementation...

I don't use a lot of IRC networks, but the ones I do use don't require
ident anymore.  They all try it first though.  To avoid the delay when
connecting, I put a reject rule on my WAN for TCP 113 so it
immediately connects.