ufw: reject 113

_posts/2015-06-12-ufw.md

@@ -22,7 +22,7 @@ ufw default deny incoming
 ufw default allow outgoing
 systemctl enable ufw && systemctl start ufw
 ufw enable
-ufw allow 113
+ufw reject 113
 ufw allow 631
 ufw allow 5060
 ufw allow 5353/udp
@@ -39,15 +39,10 @@ ufw allow 60000:61000/udp
 * Start ufw on boot and now (I am not sure if this step is required, but
   better safe than sorry).
 * Put the firewall in force.
-* 113/ident — Allow identd to be reached, probably all my hosts run it for
+* 113/ident — Tell "Connection refused" to whoever tries to reach port 113.
-  IRC.
+  This makes ident checking IRC servers connect faster as they don't have
-    * If some host doesn't run it use `ufw reject 113` so the IRC server
+  to timeout. If you run shell server (for IRC purpouses) you should allow
-      asking for your ident is replied "Connection refused" and the
+  this instead.
-      connecting happens faster as you aren't force to wait for timeout.
-        * I am not sure if this is faster than running ident, but my
-          recommendation is to allow it if you run it and otherwise reject.
-          Deny forces you to wait for timeout as your firewall says
-          nothing.
 * 631/cups — Allow access to cups for printer sharing
 * 5060/sip — VoIP, in this case Linphone
 * 5353/mdns/Avahi — used for `.local` addresses