[Firehol-support] Re: whitelisting

JusTiCe8 justice8 at wanadoo.fr
Fri Jul 16 09:23:43 BST 2004


Hi,

Daniel Pittman a écrit :

>On 16 Jul 2004, Daniel L. Miller wrote:
>
>[...]
>
>
>That depends. Firehol can do two things with packets: drop and reject.
>
>'drop' means throw the packet away and do nothing more. A silent
>failure, effectively, with no indication to the sender that anything
>happened at all.
>
>'reject' means to tell the sender that they were not permitted to
>connect, which is much nicer to them.
>
>  
>
In a security point of view, it's better to drop instead of reject 
everything which is not welcomed from internet, in order to don't give 
any hints to a potential attacker.

>         Daniel
>  
>
Cheers,

   J8.




More information about the Firehol-support mailing list