** Reply to message from Mike Burger <[EMAIL PROTECTED]> on Thu, 19 Sep 2002 07:49:24 -0500 (EST)
> In order for the firewall to DROP a packet, it has to first allow the
> packet to enter the firewall for checking.
>
> If the firewall is set to REJECT the packet, it simply closes the port and
> doesn't accept connections on it, making it look like it's closed.

But, if you REJECT a packet, it sends back a "port unreachable" return packet (this by the laws of the RFC). If you DROP a packet, it dies on the floor with no return. So you will always know when you have been REJECTed, but you will not always know if you have been DROPped... unless the scanner assumes that if it does not get an immediate response, then the packet has been dropped and a firewall must be up.

jb
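What the sender can observe in each case, as an added example that is not part of the original message. It assumes a Linux-style loopback and touches no firewall rules: a closed UDP port stands in for REJECT (the kernel returns the same ICMP "port unreachable"), and a bound socket that never replies stands in for DROP. The function names are hypothetical.

```python
import socket


def probe_udp(host, port, timeout=0.5):
    """Send one datagram and report what the sender is able to observe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket has ICMP errors reported back to it.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(1024)
            return "answered"
        except (ConnectionRefusedError, ConnectionResetError):
            # ICMP port unreachable came back: the explicit "no" that a
            # REJECT rule produces by default.
            return "rejected"
        except socket.timeout:
            # Nothing came back. Indistinguishable, from here, between a
            # DROP rule and a listener that simply chose not to reply.
            return "silent"


def demo():
    """Constructed loopback setup: one closed port, one silent listener."""
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))      # bound, but never reads or replies

    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()                        # nothing is bound to this port now

    try:
        return {
            "closed": probe_udp("127.0.0.1", closed_port),
            "silent": probe_udp("127.0.0.1", silent.getsockname()[1]),
        }
    finally:
        silent.close()


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:7s} -> {outcome}")
```

The "silent" outcome only resolves after the full timeout, which is why a sender treats a missing reply as a guess rather than a fact.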