Grant wrote: > I've been reading about DROP vs. REJECT and some are saying that DROP > causes problems without any benefit. Do you guys agree? Should DROP > normally not be used at all?
DROP is perfectly acceptable as a default policy for traffic from the internet. Shorewall's "default DROP action" (action.Drop) get applied before a packet is actually dropped, ensuring that traffic that it is potentially harmful to DROP is handled properly. DROP isn't particularly friendly for traffic that originates behind your firewall -- for that traffic, REJECT is a better choice. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
