> It seems in the new upstream version "REJECT --reject-with icmp-port-unreachable"
> is the default iptables action, instead of DROP.

yeap

> a) Is this reasonable? I mean it causes further packages to be sent, possibly even
> resulting in kinda DoS.

reasoning: https://github.com/fail2ban/fail2ban/pull/215

could you describe a good recipe for such a DoS which would not be
possible really with DROP?


> b) Shouldn't such a change be documented in NEWS.Debian?

yeah -- probably it should have been... I will add it for a new revision
whenever I upload, thus will keep this report open

Cheers,
-- 
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate,     Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834                       Fax: +1 (603) 646-1419
WWW:   http://www.linkedin.com/in/yarik        

