[Firehol-support] Re: whitelisting
JusTiCe8
justice8 at wanadoo.fr
Fri Jul 16 10:23:43 CEST 2004
Hi,
Daniel Pittman a écrit :
>On 16 Jul 2004, Daniel L. Miller wrote:
>
>[...]
>
>
>That depends. Firehol can do two things with packets: drop and reject.
>
>'drop' means throw the packet away and do nothing more. A silent
>failure, effectively, with no indication to the sender that anything
>happened at all.
>
>'reject' means to tell the sender that they were not permitted to
>connect, which is much nicer to them.
>
>
>
In a security point of view, it's better to drop instead of reject
everything which is not welcomed from internet, in order to don't give
any hints to a potential attacker.
> Daniel
>
>
Cheers,
J8.
More information about the Firehol-support
mailing list