* Kian Mohageri <[EMAIL PROTECTED]> [2007-05-02 21:52]:
> Henning Brauer wrote:
> > * Chris Smith <[EMAIL PROTECTED]> [2007-04-25 00:42]:
> >> Using openbsd as a firewall in several cases - a few small businesses, and
> >> also for home use. Some websites, such as grc.com, stress that "stealth mode"
> >> (which openbsd handles with ease) is the safest. But I've also read that
> >> using 'return' instead of 'drop' is good netizenship. So I'm wondering how
> >> others are handling this and what recommendations you might have.
> >
> > "stealth" mode is totally overrated.
> >
>
> For my clarification, are we talking about "stealth mode" as in dropping
> everything (including pings) from untrusted hosts, or the default
> block-policy (drop vs. return)?

the latter, drop. the former is not overrated. it is incredibly stupid.

> Based on this discussion, I'm trying to decide if I want to change our
> firewall block-policy to 'return' even though we already allow ping and
> 'return' traffic to the firewalls themselves so things like traceroute
> can work.

being a nice net citizen you return an RST/icmp when you block sth.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
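
Added example, not part of the thread or anyone's posted ruleset: a pf.conf fragment showing the block-policy choice discussed above, with the "stealth" setting beside the 'return' one. The interface name em0 and the table name <abusers> are assumptions for illustration.

```pf
# pf.conf fragment (added example; em0 and <abusers> are assumed names)

ext_if = "em0"                  # assumed external interface
table <abusers> persist         # hypothetical table of sources to drop silently

# Global default for block rules that name no action themselves.
#   drop   - packet is silently discarded ("stealth"); the sender's
#            connection attempt hangs until it times out.
#   return - blocked TCP is answered with a RST, blocked UDP with an
#            ICMP unreachable; other protocols are still dropped silently.
#set block-policy drop
set block-policy return

# Default deny on the external interface. With the option above this
# rule behaves like "block return in on $ext_if all".
block in on $ext_if all

# The action can also be spelled out per rule, independent of the policy.
block return-rst  in on $ext_if inet proto tcp all
block return-icmp in on $ext_if inet proto udp all

# A rule-level action overrides the policy: sources in the table get no
# reply at all. "quick" stops evaluation at this rule.
block drop in quick on $ext_if from <abusers> to any

# Allow ping to the firewall itself, as described in the thread.
pass in on $ext_if inet proto icmp icmp-type echoreq
```

After loading the ruleset with pfctl -f /etc/pf.conf, pfctl -sr lists the rules as pf parsed them, and a blocked TCP connection attempt from a test host should fail immediately with "connection refused" rather than time out.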