Hello Slava,
Here are the differences for TCP:
With a drop rule, when an unauthorised host tries to
send a packet through the Firewall, the packet is
silently dropped.
With a reject rule, the firewall sends a RESET in
reply to the packet of the host. This generally means
that the host will immediately know that the connection
is not possible, as opposed to the drop rule, where
the host will wait for an answer until it times out.
Personally I use drop rules whenever I want to block
communication (by the way, it's only the last rule in
my rulebase that does this). The only time I used a
reject rule was on service identd; because some mail
servers use it to identify who is trying to send mail
to them (I guess), and the whole process is much
faster with a reject rule.
I don't know if there is a difference for UDP packets.
Maybe the reject rule sends an ICMP port unreachable?
Regards,
Didier.
--- Slava Shubinsky <[EMAIL PROTECTED]> wrote:
>
> Could someone please explain the difference between
> drop and reject and when
> should each be used?
>
> Thanks!
>
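The behaviour Didier describes (silence versus a TCP RESET, and the guess of an ICMP port unreachable for UDP) can be modelled from the blocked client's point of view. The following is an added illustration, not code from the thread or from Check Point: it assumes the reject behaviour of Linux netfilter's REJECT target (RST for TCP, ICMP port unreachable for UDP), the Linux default of 6 SYN retransmissions with a 1 s initial timeout doubling each time, and a hypothetical 30 s application-level timeout for a mail server's identd lookup. All sample packets are constructed.

```python
"""Toy model of what a blocked client experiences under a drop rule versus a
reject rule. Added example; assumptions are marked in the comments."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Constructed sample packets: (protocol, destination port).
SAMPLE_PACKETS = [("tcp", 25), ("tcp", 113), ("udp", 53)]


@dataclass(frozen=True)
class Verdict:
    action: str           # "drop" or "reject"
    reply: Optional[str]  # what the firewall sends back; None means silence


def firewall_verdict(proto: str, action: str) -> Verdict:
    """Decide what the firewall sends back for a blocked packet.

    Assumption: "reject" answers TCP with a RST and UDP with an ICMP port
    unreachable, as Linux netfilter's REJECT target does by default.
    """
    if action == "drop":
        return Verdict("drop", None)
    if action == "reject":
        if proto == "tcp":
            return Verdict("reject", "TCP RST")
        if proto == "udp":
            return Verdict("reject", "ICMP port unreachable")
        raise ValueError(f"unsupported protocol: {proto}")
    raise ValueError(f"unknown action: {action}")


def syn_retransmit_schedule(syn_retries: int = 6, initial_rto: float = 1.0) -> list[float]:
    """Seconds after the first SYN at which each retransmission goes out.

    Assumption: exponential backoff (1 s, 2 s, 4 s, ...) with the Linux
    default of tcp_syn_retries=6.
    """
    times: list[float] = []
    elapsed, rto = 0.0, initial_rto
    for _ in range(syn_retries):
        elapsed += rto
        times.append(elapsed)
        rto *= 2
    return times


def time_to_failure(verdict: Verdict, syn_retries: int = 6, initial_rto: float = 1.0) -> float:
    """Seconds a TCP client waits before its connect() fails."""
    if verdict.reply == "TCP RST":
        return 0.0  # connection refused as soon as the RST arrives
    # Silence: the client sends every retransmission and then waits one more
    # (doubled) timeout after the last SYN before giving up.
    schedule = syn_retransmit_schedule(syn_retries, initial_rto)
    return schedule[-1] + initial_rto * 2 ** syn_retries


def ident_lookup_delay(action: str, ident_timeout: float = 30.0) -> float:
    """Delay a mail server's identd (TCP/113) lookup adds before mail is accepted.

    The lookup is abandoned at whichever comes first: the server's own
    application timeout (assumed 30 s, hypothetical) or the TCP connect failure.
    """
    verdict = firewall_verdict("tcp", action)
    return min(ident_timeout, time_to_failure(verdict))


if __name__ == "__main__":
    for proto, port in SAMPLE_PACKETS:
        for action in ("drop", "reject"):
            v = firewall_verdict(proto, action)
            wait = f"{time_to_failure(v):.0f}s" if proto == "tcp" else "n/a"
            print(f"{proto}/{port:<4} {action:<6} reply={v.reply!s:<22} client waits {wait}")
    print(f"identd lookup delay, drop:   {ident_lookup_delay('drop'):.0f}s")
    print(f"identd lookup delay, reject: {ident_lookup_delay('reject'):.0f}s")
```

Running the script prints the two-column comparison: under a drop rule the TCP client retransmits at 1, 3, 7, 15, 31 and 63 seconds and only gives up at 127 seconds, whereas a reject rule fails it at once; the identd line shows why Didier's mail delivery felt faster with a reject rule on port 113.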
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================