Fedora Users — Re: [Fedora] Re: iptables: drop or reject?

Re: [Fedora] Re: iptables: drop or reject?

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora <fedora-list@xxxxxxxxxx>

Subject: Re: [Fedora] Re: iptables: drop or reject?

From: John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx>

Date: Fri, 26 Oct 2007 07:22:39 +0800

In-reply-to: <4720E02A.2060804@xxxxxxxxxx>

References: <4720D854.2010801@xxxxxxxxxx> <200710252014.50791.manuel@xxxxxxxxxxxxxx> <4720E02A.2060804@xxxxxxxxxx>

Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>

User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070620 SeaMonkey/1.1.2

Ashley M. Kirchner wrote:

Manuel Arostegui Ramirez wrote:
In this case, I would choose to drop packets since they're not goingto stop, it's better to do not increase the packets on your interface.
That's kinda what I thought too, however as far as the sendingmachine is concerned, because it didn't get anything back, it couldpotentially see it as a successful delivery and thus continue to delivermore and more crap. On the other hand, if it does get some kind ofreset...

It won't continue the conversation if nobody's listening. I'd drop thepacket so as to slow the culprit down.

Whether it has any measurable effect is subject to some debate, but Ifeel better that way;-)


I don't know a good reason to reject anyone's traffic other than mine.



--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list