[Firehol-support] Re: whitelisting
justice8 at wanadoo.fr
Fri Jul 16 09:23:43 BST 2004
Daniel Pittman wrote:
>On 16 Jul 2004, Daniel L. Miller wrote:
>That depends. Firehol can do two things with packets: drop and reject.
>'drop' means throw the packet away and do nothing more. A silent
>failure, effectively, with no indication to the sender that anything
>happened at all.
>'reject' means to tell the sender that they were not permitted to
>connect, which is much nicer to them.
From a security point of view, it's better to drop rather than reject
everything that is not welcome from the internet, in order not to give
any hints to a potential attacker.