[Firehol-support] drop vs accept
Rick Marshall
rjm at zenucom.com
Mon Dec 5 03:53:43 GMT 2005
very important as i'd like to have a blanket policy across the high
ports (1025:65535) of drop, but open up some as required.
i could then use reject selectively where i want to be firendly.
but there's so many unfriendly packets arriving i intend to be
unfriendly back and not reject, but rather drop the packets. might slow
down some of their probing.
i guess if "policy drop" worked and didn't log the packets i wouldn't be
thinking this way.
rick
Carlos Rodrigues wrote:
>On 12/5/05, Rick Marshall <rjm at zenucom.com> wrote:
>
>
>>am i correct in assuming that if i have a "server accept.." command
>>followed by a "server reject..." then the accept will act and the
>>packets from the acceptable servers will arrive. anything else falls
>>through to the reject line (i want to make it a drop line).
>>
>>
>
>I guess you are right, but what's the point? If the policy for the
>interface is "reject", then the "server reject" line is redundant
>anyway.
>
>
>--
>Carlos Rodrigues
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
>for problems? Stop! Download the new AJAX search engine that makes
>searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
>http://ads.osdn.com/?ad_idv37&alloc_id�865&opÌk
>_______________________________________________
>Firehol-support mailing list
>Firehol-support at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/firehol-support
>
>
>!DSPAM:4393b7fa42115237216098!
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rjm.vcf
Type: text/x-vcard
Size: 146 bytes
Desc: not available
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20051205/771760a2/attachment-0003.vcf>
More information about the Firehol-support
mailing list