On Fri, Sep 22, 2000 at 10:39:58AM +1100, Bernhard L?der wrote:
> I would also not use REJECT, but rather DENY. The difference is, that with
> DENY the request packets from the source are dropped without response.
> REJECT sends back an ICMP packet to the source saying "You're not allowed
> here". You would not want to "tell" anyone (maybe except for debugging),
> that you do not accept connections at the port of 23 (or any port for this
> matter).

        That depends. If I know that your machine is up, i.e. I can ping it,
and I telnet to port 23, then I know you are running a firewall. Which might
be fair enough. But with REJECT I can't tell the difference. Maybe you're
running a firewall or maybe you just aren't running a server on that port.

        Makes a big difference if, say, you're putting the firewall up to make
it look to Telstra and Optus cable that you're not running services. In this
case you definitely want REJECT.

-- 
John


--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
