On Fri, 15 Oct 2004 14:43:40 +0100 (IST), VJ <vj@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > Harry, > Thanks a lot for your reply. I am using DROP policy by default, and > just open the required holes in firewall (HTTP and SMTP only). This PC > is not used for browsing at all. It is just a firewall + samba server + > http server + smtp server + ftp server + MythTV recording + > playing(both backend + frontend) + more little jobs. > I do use DROP but I do not log REJECT. Should I do that? Keep using drop. reject provides additional information to an attacker. -- Leonard Isham, CISSP Ostendo non ostento.
