On Thu, 19 Sep 2002, Brenden Walker wrote:

> > But, if you REJECT a packet, it sends back a "port
> > unreachable" return packet (this by the laws of the RFC). If
> > you DROP a packet, it dies on the floor with no return. So
> > you will always know when you have been REJECTed, but you
> > will not always know if you have been DROPped... unless the
> > scanner assumes that if it does not get an immediate
> > response, then the packet has been dropped and a firewall must be up.
>
> Seems to me that the preferred behaviour is to drop and thus neither confirm
> nor deny that you even exist. Of course for UDP packets that doesn't seem to
> matter much.

That's how my firewall is configured.
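
An added example, not part of the original thread: a small audit that reads a ruleset in `iptables-save` format and lists, for one chain, which rules answer a refused packet (REJECT) and which stay silent (DROP). It assumes the firewall is iptables, which the thread does not state; the sample ruleset and the function name `audit_answers` are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT
-A INPUT -j DROP
COMMIT
"""

def audit_answers(ruleset_text, chain="INPUT"):
    """Return (policy, findings) for one chain.

    findings is a list of (rule_number, target, reply). reply is the packet
    type the firewall sends back for REJECT, or None for DROP (no reply).
    """
    policy, findings, rule_no = None, [], 0
    for line in ruleset_text.splitlines():
        line = line.strip()
        if line.startswith(":" + chain + " "):
            policy = line.split()[1]          # e.g. ":INPUT DROP [0:0]"
        elif line.startswith("-A " + chain + " "):
            rule_no += 1
            tokens = shlex.split(line)        # copes with quoted --comment text
            if "-j" not in tokens[:-1]:
                continue                      # rule has no jump target
            target = tokens[tokens.index("-j") + 1]
            if target == "REJECT":
                reply = "icmp-port-unreachable"   # iptables default for REJECT
                if "--reject-with" in tokens[:-1]:
                    reply = tokens[tokens.index("--reject-with") + 1]
                findings.append((rule_no, target, reply))
            elif target == "DROP":
                findings.append((rule_no, target, None))
    return policy, findings

if __name__ == "__main__":
    policy, findings = audit_answers(SAMPLE_RULESET)
    print("INPUT policy:", policy)
    for num, target, reply in findings:
        print(f"rule {num}: {target} -> {reply or 'no reply sent'}")
```
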