grsecurity stealth module

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Postby torne » Mon Aug 12, 2002 12:55 pm

Does the grsecurity stealth module do anything different than just having my INPUT chain end with a DROP rule? My ruleset judges packets with a large number of criteria and has explicit ACCEPT rules for the servers I want to be accessible - it then passes all other packets to a ULOG/DROP chain.

I'm just curious as to whether the stealth module will gain me anything. Putting it before the logdrop entry means I don't get logs of bad packets; putting it afterwards, it'll never be reached. It'd have to replace my existing rule.

Thanks in advance for information,

Torne
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm

Postby spender » Tue Aug 13, 2002 5:53 pm

It matches packets coming to unserved TCP and UDP ports. If your default target for INPUT is DROP, it won't do anything for you. It's mainly useful for servers where users are allowed to run their own servers, and the administrator doesn't know which ports are going to be used for the servers. For these systems, using a default target of DROP would not work; you need something dynamic like the stealth module to do it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
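The exchange above contrasts a static "explicit ACCEPT, then log and drop everything else" INPUT chain with the stealth module's dynamic matching of unserved ports. The script below is an added example, not torne's ruleset or anything shipped with grsecurity: it generates the static form from a snapshot of listening sockets. The listener listing is a constructed sample in an assumed `ss -ltnu`-style column layout, and `IPT` defaults to `echo iptables` so the commands are printed rather than loaded (set `IPT=iptables` on a real host). The point it makes is spender's: the generated chain is only as current as the snapshot it was built from, so a server a user starts later on some unplanned port is dropped (and logged) until the ruleset is regenerated, whereas the stealth module needs no such list.

```shell
#!/bin/sh
# Added example: build an INPUT chain with explicit ACCEPT rules for every
# served port and a ULOG/DROP fallthrough chain for everything else.
# IPT defaults to a dry run that prints the iptables commands.
IPT="${IPT:-echo iptables}"

# Constructed sample of listening sockets (assumed `ss -ltnu`-style columns:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_LISTENERS='tcp   LISTEN 0 128 0.0.0.0:22  0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:80  0.0.0.0:*
udp   UNCONN 0 0   0.0.0.0:53  0.0.0.0:*'

# served_ports LISTING: print "proto port" for each socket bound on all interfaces.
served_ports() {
    printf '%s\n' "$1" | awk '$5 ~ /^0\.0\.0\.0:[0-9]+$/ { split($5, a, ":"); print $1, a[2] }'
}

# build_ruleset LISTING: emit the iptables commands for the explicit-accept chain.
build_ruleset() {
    listeners="$1"
    # A chain that logs via ULOG and then drops; used as the INPUT fallthrough.
    $IPT -N logdrop
    $IPT -A logdrop -j ULOG --ulog-prefix "INPUT drop: "
    $IPT -A logdrop -j DROP
    # Replies to our own connections and loopback traffic are always accepted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # One ACCEPT per served port, derived from the listener snapshot.
    served_ports "$listeners" | while read -r proto port; do
        $IPT -A INPUT -p "$proto" --dport "$port" -j ACCEPT
    done
    # Everything not explicitly accepted above is logged and dropped.
    $IPT -A INPUT -j logdrop
}

# count_accept_rules LISTING: number of per-port ACCEPT rules that would be generated.
count_accept_rules() {
    build_ruleset "$1" | grep -c -- '--dport'
}

build_ruleset "$SAMPLE_LISTENERS"
```

With the sample listing this emits three per-port ACCEPT rules (tcp/22, tcp/80, udp/53) followed by the `-j logdrop` fallthrough. A server started afterwards on a port absent from the snapshot is not in the chain, which is exactly the case where a static default DROP stops being enough.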

Postby torne » Wed Aug 14, 2002 4:58 am

That makes sense. I suspect I'll end up picking a port range in which my non-luser users can run servers (I like the 'no server sockets group' option in grsec) and using it on that. =)

T.
torne
 
Posts: 54
Joined: Mon Aug 12, 2002 12:52 pm
