I had heard that it is better to have a 'reject' rule instead of a 'deny' one, as reject will give back an immediate reply to the interrogator, while just rejecting the query can give you a multitude of 'retry', which can eat you bandwidth with lots and lots of retries. If possible, can somebody point me where can I get correct information on this (white papers, hints, tips, anything..)
Nick wrote: > I was under the impression that the "stealth rule" was to have anything > going directly to your Firewall dropped, therefore making your FW's > addess a "black hole". It never answers anything, except what you > specifically allow for management purposes. -- saudações, irado furioso com tudo. Linux User (SuSE) 179.402 explicando o padre marcelo ('o mala', the pope's boy, the pope's star): mer$&^ velha com roupa nova.