[SLE] Reject vs. deny was [SLE] Ipchains/Firewall
I thought I'd spawn this question into a new thread so the original query doesn't get lost.

OK, now I have a question about reject vs. deny. The way I understand it, if a connection is rejected, the firewall has to reply to the remote machine making the request, whereas deny will not send a reply and simply discards the packet. Is that correct? If so, then rejecting connections opens the machine to DoS attacks (particularly one spoofing its IP), which makes deny look like the more attractive option. Perhaps reject is better for machines inside the firewall and deny for those on the outside?

Tim
-----Original Message----- From: Rogier Maas [SMTP:icarus@guldennet.nl] Sent: Monday, January 03, 2000 4:57 PM
<snip>
BTW: REJECTing is mostly better than DENYing, because now people have to wait a while before their app gives up, because you're stealthing the port instead of closing it.
REJECT instead of DENY:
ipchains -I input -l -d 192.168.1.4 53 -p tcp -j REJECT
<snip>
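Added example, not part of either message in this thread: a small Python probe that makes the client-side difference Tim and Rogier are describing visible. An ipchains DENY (iptables DROP) discards the SYN silently, so the client keeps retransmitting until its own timeout expires; a REJECT answers with an ICMP port-unreachable (or, under iptables, optionally a TCP RST), so connect() fails at once with ECONNREFUSED. The loopback listener and port numbers below are constructed for the demo; a closed loopback port behaves like a REJECTed one, and against a real DENY rule the same call returns 'denied' only after the full timeout.

```python
"""Classify a TCP port as open / rejected / denied from the client side.

REJECT  -> the firewall answers the SYN (ICMP port-unreachable or TCP RST),
           so connect() fails immediately with ECONNREFUSED.
DENY    -> nothing comes back, so connect() sits in SYN retransmits until
           our timeout fires.  This is the "wait a while before their app
           gives up" behaviour, and also why a scanner reports the port
           as "filtered" rather than "closed".
"""
import errno
import socket
import time


def probe(host, port, timeout=2.0):
    """Return (state, seconds) where state is one of
    'open', 'rejected', 'denied', 'unreachable'."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        state = "open"
    except socket.timeout:
        # No answer at all: the SYN was dropped silently (DENY / DROP).
        state = "denied"
    except ConnectionRefusedError:
        # An RST or ICMP port-unreachable came back (REJECT, or nothing listening).
        state = "rejected"
    except OSError as e:
        if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            # ICMP net/host unreachable is a routing answer, not a port verdict.
            state = "unreachable"
        else:
            raise
    finally:
        s.close()
    return state, time.monotonic() - start


def local_listener():
    """Bind an ephemeral loopback port and return (socket, port).
    Constructed for the demo: stands in for a host the firewall lets through."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def free_port():
    """Pick a loopback port nothing listens on (bind, read it back, close).
    Constructed for the demo: the kernel's RST here mimics a REJECT rule."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = local_listener()
    for label, port in (("listening", open_port), ("closed", free_port())):
        state, secs = probe("127.0.0.1", port, timeout=1.0)
        print(f"{label:9s} port {port}: {state} after {secs:.3f}s")
    srv.close()
```

Run it against a host behind each kind of rule and compare the timings: the REJECTed port fails in milliseconds, the DENYed one only when the timeout you passed expires. The flip side is the point Tim raises: the REJECT reply is addressed to whatever source address was in the SYN, so a spoofed SYN turns the firewall into a reflector, while DENY emits nothing; logging the dropped packets (the `-l` in Rogier's rule) is then the only trace left.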
participants (1): tduggan@dekaresearch.com