At 18:01 16/11/02 +0100, Miguel Angel Rodríguez Jódar wrote:

>> using -j DROP as a target, what I want to know is what types of REJECT
>> can be used for UDP packets? Thanks.
>
>AFAIK, UDP packets are not reliable, and haven't got things like the
>RST option in their headers as TCP packets have, so dropping it is your
>only choice.

Not true,

While UDP doesn't have RST, you can still send an ICMP destination port
unreachable error, which has the same effect.

In fact, if you use TCPDUMP I think you'll find that the REJECT rule for
both UDP *and* TCP uses ICMP destination port unreachables.

This makes it possible to tell the difference with a scanner between a TCP
port which is really closed (sends a RST) and a TCP port that is firewalled
with REJECT. (Sends an ICMP DEST UNREACH)

Regards,
Simon
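
An added example, not part of Simon's message: a Python audit that reads iptables-save-style rules and reports, for each TCP or UDP REJECT/DROP rule, whether the reply matches what a genuinely closed port sends. The sample rules are constructed, the function names are hypothetical, and the code assumes the IPv4 REJECT default of `icmp-port-unreachable` when `--reject-with` is omitted.

```python
import shlex

# Reply an unfiltered host gives for a port with no listener.
CLOSED_PORT_REPLY = {"tcp": "tcp-reset", "udp": "icmp-port-unreachable"}
# Assumption: IPv4 REJECT default when --reject-with is not given.
DEFAULT_REJECT = "icmp-port-unreachable"


def audit_rule(line):
    """Return (proto, reply, looks_closed) for a REJECT/DROP rule, else None."""
    tok = shlex.split(line)

    def opt(*names):
        # Value following the first matching option name, if any.
        for name in names:
            if name in tok and tok.index(name) + 1 < len(tok):
                return tok[tok.index(name) + 1]
        return None

    target = opt("-j", "--jump")
    proto = opt("-p", "--protocol")
    if target not in ("REJECT", "DROP") or proto not in CLOSED_PORT_REPLY:
        return None
    # DROP sends nothing back; REJECT sends the configured or default error.
    reply = "none" if target == "DROP" else (opt("--reject-with") or DEFAULT_REJECT)
    return proto, reply, reply == CLOSED_PORT_REPLY[proto]


def audit(ruleset):
    """Audit every appended (-A) rule in an iptables-save style dump."""
    rules = (l.strip() for l in ruleset.splitlines())
    return [r for r in (audit_rule(l) for l in rules if l.startswith("-A ")) if r]


# Constructed sample ruleset (not taken from the thread).
SAMPLE = """\
-A INPUT -p udp -m udp --dport 161 -j REJECT
-A INPUT -p tcp -m tcp --dport 23 -j REJECT
-A INPUT -p tcp -m tcp --dport 111 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m udp --dport 69 -j DROP
"""

if __name__ == "__main__":
    for proto, reply, looks_closed in audit(SAMPLE):
        verdict = "same as closed port" if looks_closed else "reveals filtering"
        print(f"{proto:3} reply={reply:22} {verdict}")
```
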
