On Tue, Apr 24, 2007 at 06:36:17PM -0400, Chris Smith wrote:
> Hello,
>
> Using openbsd as a firewall in several cases - a few small businesses, and
> also for home use. Some websites, such as grc.com, stress that "stealth mode"
> (which openbsd handles with ease) is the safest. But I've also read that
> using 'return' instead of 'drop' is good netizenship. So I'm wondering how
> others are handling this and what recommendations you might have.

I find 'return' to be easier to work with. The LAN I am primarily thinking about is both infested with Windows and accessible via VPN - and the VPN has some Windows clients. Considering the people on said LAN, who are both sweet and smart but not in general computer-savvy, I'd be highly surprised if an attacker spent much time on the firewall.

Joachim

--
TFMotD: tftp (1) - trivial file transfer program