Hello Slava,
SS> Could someone please explain the difference between drop and reject and when
SS> should each be used?
drop : you drop the packet (you tell nothing to the other end)
reject : you reject the packet (you answer "i don't want this")
Honnestly, you should never use reject. Using reject is already
a way to completely DoS your site for a clever hacker.
Known exceptions include identd (for mail servers) tough and every
application where you can't afford to wait the 30 sec of TCP timeout
at the client side.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
