> On 4/24/07, Chris Smith <[EMAIL PROTECTED]> wrote:
> >
> > Hello,
> >
> > Using OpenBSD as a firewall in several cases - a few small businesses, and
> > also for home use. Some websites, such as grc.com, stress that "stealth mode"
> > (which OpenBSD handles with ease) is the safest. But I've also read that
> > using 'return' instead of 'drop' is good netizenship. So I'm wondering how
> > others are handling this and what recommendations you might have.
Well, when it comes to staying "safe," both return and drop block unwanted traffic. Whether or not someone can determine if a host is up really won't do much for security.

That being said, return is preferable. It reduces traffic (SYN retransmits) and will improve responsiveness for other hosts. Now if someone is nmapping you with -sS, for instance, block drop will reduce traffic in that specific case (no RST from you). The amount is generally negligible, though. I'd recommend using pf.os to block nmap in this case so you can have the best of both worlds.

All in all, it does not really matter _that_ much. Don't stay awake at night thinking: did I write block drop or block return? AHHHHHH! I don't know! Hacks0arz are coming for me!!

--
Travers Buda
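For readers who want to see what the "best of both worlds" suggested in the reply above looks like in a ruleset, here is an added pf.conf fragment. It is an illustration written for this page, not configuration posted by either participant. The interface name em0, the ports passed at the end and the use of the "NMAP" fingerprint class are assumptions; that class name comes from the stock /etc/pf.os fingerprint file, so check your own copy (for example with `grep -i nmap /etc/pf.os`) before relying on it. Note that OS fingerprinting is heuristic: it only sees TCP SYN packets and a scanner can change the probe characteristics it keys on, so treat the nmap rule as a traffic-reduction measure rather than a security boundary.

```pf
# Added example pf.conf fragment (not from either poster) showing
# "block return" as the default policy with a silent drop carved out
# for packets that fingerprint as nmap probes.
# Assumptions: external interface em0, the "NMAP" class label in pf.os,
# and the two service ports passed at the bottom.

ext_if = "em0"

# Default behaviour for plain "block" rules: a TCP RST for blocked TCP,
# an ICMP unreachable for blocked UDP, and a silent drop for everything
# else. Setting this to "drop" instead gives the silent "stealth"
# behaviour everywhere (drop is also the default if the line is omitted).
set block-policy return

# Default deny in both directions on the external interface; these rules
# inherit the block-policy above, so blocked connection attempts get an
# immediate RST instead of leaving the remote side retransmitting SYNs.
block in log on $ext_if all
block out log on $ext_if all

# Silently drop TCP SYNs whose fingerprint matches the NMAP entries in
# pf.os, so an nmap -sS sweep gets no RST back. "os" only matches on
# TCP SYN packets, which is all a SYN scan sends anyway.
block drop in quick on $ext_if proto tcp from any os "NMAP"

# Always answer ident (TCP/113) with an RST regardless of policy, so
# remote mail servers that probe ident do not stall on a timeout.
block return in quick on $ext_if proto tcp from any to ($ext_if) port 113

# Let wanted traffic through (ports here are assumed for the example).
pass out on $ext_if keep state
pass in on $ext_if proto tcp from any to ($ext_if) port { 22, 80 } keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`. To see which rule a probe hit, enable `log` on the rule of interest and watch `tcpdump -n -e -ttt -i pflog0`; a SYN that lands on the `os "NMAP"` rule will show up there without any RST leaving the box.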

