On Fri, 22 Oct 2010, Rune Elvemo wrote:

> Earlier I had heard that -j DROP was a good solution for making them
> invisible for portscanners, although I did later find out that was
> wrong.
>
> I have also tried various forms of -j REJECT --reject-with <>.

I think we need a -j CLOSED. Of course, this requires implementing yet more of a network stack inside iptables.

Matthew.