Coryey's rule is definitely the most correct. I'm going to update some of my own firewall rules as a result.
Generally it's best to use DROP on Internet interfaces. Use REJECT on LAN interfaces. On a LAN, there is no reason to make your other clients wait around for packet timeouts due to packets being DROPped. Using REJECT can speed your network up significantly. Some people even argue that DROP is not nice on the Internet, but it does have the benefit of making you stealthy.

/* PLUG: http://plug.org, #utah on irc.freenode.net
   Unsubscribe: http://plug.org/mailman/options/plug
   Don't fear the penguin. */
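The split described in the post (DROP toward the Internet, REJECT toward the LAN) as a concrete iptables INPUT chain. This is an added example, not code from the original post or from the PLUG list; the interface names eth0 (WAN) and eth1 (LAN) and the two allowed LAN services are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: emit an iptables INPUT chain
# that DROPs unwanted traffic on the Internet-facing interface and REJECTs
# it on the LAN interface. eth0 (WAN) and eth1 (LAN) are assumed names;
# override with WAN_IF=... LAN_IF=... in the environment.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Print the commands instead of running them, so the rule set can be read
# first and then applied as root with:  sh this_script.sh | sudo sh
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i $WAN_IF -j DROP
iptables -A INPUT -i $LAN_IF -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $LAN_IF -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Sanity check on the generated set: the last per-interface verdict must be
# DROP for the WAN side and REJECT for the LAN side. Returns 0 if so, else 1.
check_rules() {
    rules="$(build_rules)"
    wan_last="$(printf '%s\n' "$rules" | grep -- "-i $WAN_IF " | tail -n 1)"
    lan_last="$(printf '%s\n' "$rules" | grep -- "-i $LAN_IF " | tail -n 1)"
    case "$wan_last" in *" -j DROP"*) ;; *) return 1 ;; esac
    case "$lan_last" in *" -j REJECT"*) ;; *) return 1 ;; esac
    return 0
}

if [ "${1:-}" = "--check" ]; then
    check_rules && echo "ok"
else
    build_rules
fi
```

The TCP-specific REJECT uses a TCP RST so a LAN client gets "Connection refused" at once instead of waiting on ICMP handling; everything else gets ICMP port-unreachable. To see the difference the post describes, run `nc -vz <firewall> 9999` from a LAN host (fails immediately) and from the Internet side (hangs until nc gives up). Note that DROP only hides the filtered ports: a scanner can still tell the host is up from any port that does answer.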
