[ale] ipchains in 2.4.13
Transam
transam at cavu.com
Fri Jan 25 15:56:18 EST 2002
> In the RULE, what is the difference between REJECT and DENY? Which
> would I use the most?
DENY drops the packet without telling the sender that the packet is being
dropped (thrown away).
REJECT sends the sender an ICMP packet telling him that the packet is being
dropped. Thus he knows that his packet is being stopped by a Firewall.
Getting REJECT's ICMP response tells the sender that there is a Firewall
there and gives him some information about your network.
Generally blocked traffic that originated from the Internet should get DENY
and traffic from inside your network should get REJECT. Thus a command like
    telnet disallowed-mail-server 25
gets
    telnet: Unable to connect to remote host: Connection refused
instead of just hanging.
Bob
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
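
The difference described in the post above, as seen from the client's socket. This is an added example, not part of the original message: the function names, verdict strings and the injectable `connect` parameter are assumptions made for illustration. It lets you confirm that a blocked port fails fast from inside (REJECT) and stays silent from the Internet side (DENY).

```python
import errno
import socket
import sys
import time

# Verdict strings (names chosen for this example).
OPEN = "open"                # connection accepted, nothing is blocking it
REFUSED = "refused"          # fast failure: a REJECT rule, or simply no listener
SILENT = "silent"            # no reply before the timeout: consistent with DENY
UNREACHABLE = "unreachable"  # host/network unreachable error came back


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Attempt one TCP connection and classify how it ends.

    `connect` is injectable so the logic can be exercised without a network.
    Returns (verdict, seconds_elapsed).
    """
    start = time.monotonic()
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        # What the telnet example in the post reports as "Connection refused".
        verdict = REFUSED
    except (socket.timeout, TimeoutError):
        # The "just hanging" case: the packet was dropped without a reply.
        verdict = SILENT
    except OSError as exc:
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        verdict = UNREACHABLE
    else:
        conn.close()
        verdict = OPEN
    return verdict, time.monotonic() - start


def matches_policy(verdict, side):
    """Rule of thumb from the post: DENY toward the Internet, REJECT inside."""
    expected = {"internet": SILENT, "inside": REFUSED}
    return verdict == expected[side]


if __name__ == "__main__":
    # Usage: probe.py HOST PORT internet|inside  (run against your own hosts)
    host, port, side = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    verdict, secs = probe(host, port)
    print(f"{host}:{port} -> {verdict} after {secs:.1f}s; "
          f"policy ok: {matches_policy(verdict, side)}")
```

A "refused" verdict alone cannot distinguish a REJECT rule from a port with no listener, so compare it against the rule set you expect to be in force.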