[ale] iptables: DROP vs. REJECT --reject-with tcp-reset
James P. Kinney III
jkinney at localnetsolutions.com
Tue Apr 2 11:58:15 EST 2002
If someone is banging on a port I have closed off for security reasons,
I don't want to give them any information or waste any bandwidth telling
them to go away. Just like when the door-to-door salesman knocks, I
don't want to be bothered to answer it and tell them to go away.
Besides, DROP is shorter to type and uses less of my systems to
implement. :)
On Tue, 2002-04-02 at 10:43, Mike Millson wrote:
> Right now my iptables firewall is set up to DROP all undesirable TCP
> packets. However, I have read that DROP can be a giveaway that you are
> running a firewall. Is it better to try to look like you don't have a
> firewall and use REJECT --reject-with tcp-reset? What are good scenarios to
> use REJECT --reject-with tcp-reset?
>
> Thank you,
> Mike
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
--
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
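Added example, not code from this thread or from the list: a small Python model of one TCP connect() probe against a closed port under each target discussed above, showing what the probing side sees, how a SYN scanner would label the port, and what the firewalled host sends back. Assumed: header-only packet sizes and a prober retry schedule following the Linux default tcp_syn_retries=6.

```python
from dataclasses import dataclass

@dataclass
class Outcome:
    scanner_label: str    # open / closed / filtered, as a SYN scanner reports it
    client_error: str     # what connect() on the probing host ends with
    client_wait_s: float  # seconds the prober spends before giving up
    client_syns: int      # SYN segments the prober transmits
    host_bytes_sent: int  # bytes the firewalled host sends back

# Host reaction to an unsolicited SYN for a port with no listener.
# Sizes are assumed header-only minimums: 40 = IPv4+TCP header,
# 56 = IPv4+ICMP header plus the quoted IPv4/TCP header of the SYN.
REACTIONS = {
    "no firewall": ("rst", 40),                 # the TCP stack answers RST/ACK
    "DROP": (None, 0),                          # silently discarded, nothing sent
    "REJECT --reject-with tcp-reset": ("rst", 40),
    "REJECT": ("icmp-port-unreachable", 56),    # iptables' default reject type
}

def probe(target: str, syn_retries: int = 6) -> Outcome:
    """Model one connect() attempt from a remote host against a closed port
    behind the given target (syn_retries: assumed Linux default tcp_syn_retries=6)."""
    reply, nbytes = REACTIONS[target]
    if reply == "rst":
        # RST ends the handshake at once: looks exactly like a closed port.
        return Outcome("closed", "ECONNREFUSED", 0.0, 1, nbytes)
    if reply == "icmp-port-unreachable":
        # The ICMP error also fails fast, but scanners report "filtered":
        # something in the path is rejecting traffic, i.e. a firewall.
        return Outcome("filtered", "ECONNREFUSED", 0.0, 1, nbytes)
    # No reply at all: the prober retransmits the SYN with doubling timeouts
    # (1s, 2s, 4s, ...) until its retry budget is spent, then times out.
    wait = float(sum(2 ** i for i in range(syn_retries + 1)))
    return Outcome("filtered", "ETIMEDOUT", wait, syn_retries + 1, 0)

def compare() -> dict:
    """One Outcome per target, for side-by-side comparison."""
    return {t: probe(t) for t in REACTIONS}

def indistinguishable_from_no_firewall(target: str) -> bool:
    """True when a remote SYN scan cannot tell this target from an ordinary
    closed port on an unfiltered host."""
    return probe(target).scanner_label == probe("no firewall").scanner_label

if __name__ == "__main__":
    for target, o in compare().items():
        print(f"{target:32} {o.scanner_label:9} {o.client_error:13}"
              f"{o.client_wait_s:5.0f}s {o.client_syns} SYN(s) {o.host_bytes_sent} B")
```

Only tcp-reset makes the port look like a plain closed port; DROP sends nothing but a scanner still reports it as filtered, and the prober burns its whole SYN retry budget waiting.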