On Mon, Nov 03, 2008 at 04:22:19PM -0700, Corey Edwards wrote:
> I believe Nick is right. I would just add that on the LAN side of
> things, I would REJECT rather than DROP. That'll save your host the
> hassle of waiting for a timeout.

I too would use REJECT over DROP. If you pay close attention to standard
TCP implementation, REJECT behaves more like TCP than DROP does. While
DROP may seem more secure at the outset, the fact remains that REJECT is
the preference for security.
--
_
Aaron Toponce ( ) ASCII Ribbon Campaign
www.aarontoponce.org X www.asciiribbon.org
/ \
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
