> OK, so drop the ping probes as well ;-) > > Nope, you didn't convince me. Ok :)
> If a router has no services on it then DROP/REJECT or even ACCEPT > doesn't make any difference. There is nothing to protect... true, but some admins like if traceroute shows * * *, so that's your way to go. > -) If you drop, then nmap says "filtered". Big deal. > -) If you reject, then nmap says "closed". Again, big deal. Of course, but some admins like it "closed". I realize, that firewall is not magic, and besides network security, everybody need application/configuration security. > time out...and of course, your reject is an excellent source > of fingerprint... That is true. Thanks for your thoughts on that. I have just made a HTML page (links safe) to read and download the patch. + install instructions. http://dns.toxicfilms.tv/netfilter signing out for the day. ctrl+d > Ramin Maciej
