>> I've been reading about DROP vs. REJECT and some are saying that DROP >> causes problems without any benefit. Do you guys agree? Should DROP >> normally not be used at all? > > DROP is perfectly acceptable as a default policy for traffic from the > internet. Shorewall's "default DROP action" (action.Drop) get applied > before a packet is actually dropped, ensuring that traffic that it is > potentially harmful to DROP is handled properly. > > DROP isn't particularly friendly for traffic that originates behind your > firewall -- for that traffic, REJECT is a better choice.
What is the advantage of using DROP? Is it supposed to leave the requester wondering whether or not there is a service running at that location? - Grant ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
