Uhhh are you sure it shouldn't read "DROP" and "reject"?
- "Drop" usually just drops the packet silently
- "Reject" drops the packet and sends an ICMP_UNREACHABLE message
back to the originator (or possibly a TCP RESET packet if
the request was TCP)
If the words are actually deny and reject, my money would go
on betting that deny is the same as drop.
When I say silently I don't mean "it doesn't get logged"; logging
can usually be enabled for both. I just mean that the originator
doesn't get to see the "haa-haa I didn't let your packet through"
ICMP message.
Oh and incidentally, it would really have helped if you stated
what firewall you are running... :-)
Regards,
Mikael Olsson
Bennett Samowich wrote:
>
> This may be another newbie question, when "dis-allowing" certain packets
> is it better to deny or reject? Why the different actions?
>
> Thanks
> - Bennett
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
