[Firehol-support] drop vs accept

Rick Marshall rjm at zenucom.com
Mon Dec 5 04:53:43 CET 2005


very important as i'd like to have a blanket policy across the high 
ports (1025:65535) of drop, but open up some as required.

i could then use reject selectively where i want to be friendly.

but there's so many unfriendly packets arriving i intend to be 
unfriendly back and not reject, but rather drop the packets. might slow 
down some of their probing.

i guess if "policy drop" worked and didn't log the packets i wouldn't be 
thinking this way.

rick

Carlos Rodrigues wrote:

>On 12/5/05, Rick Marshall <rjm at zenucom.com> wrote:
>
>>am i correct in assuming that if i have a "server accept.." command
>>followed by a "server reject..." then the accept will act and the
>>packets from the acceptable servers will arrive. anything else falls
>>through to the reject line (i want to make it a drop line).
>
>I guess you are right, but what's the point? If the policy for the
>interface is "reject", then the "server reject" line is redundant
>anyway.
>
>
>--
>Carlos Rodrigues