[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipchains
Subject:    Re: [ipchains] DENY vs REJECT
From:       Paul Rusty Russell <Paul.Russell () rustcorp ! com ! au>
Date:       1998-10-18 10:30:11
[Download RAW message or body]

In message <36289ADC.36C88AA6@unisa.edu.au> you write:
> Hello Everyone,
> 
> Under what circumstances would I specify a REJECT over a DENY and vice
> versa?

REJECT is nicer.  It lets the sender know (via an ICMP packet) that
the packet was dropped.  DENY isn't.

DENY is thought by some to be marginally more secure.  Of course,
they'll figure out that you're firewalling if they have half a clue
anyway, so it's not really.

Rusty.
--
 .sig lost in the mail.
==========================================================================
To unsubscribe send email to: majordomo@wantree.com.au with
'unsubscribe ipchains <email address>' in the message body.
(replace <email address> with your email address :)
==========================================================================

[prev in list] [next in list] [prev in thread] [next in thread]