
Re: iptables firewall default to drop instead of reject?



On Fri, Jan 20, 2006 at 03:10:32PM +0100, Jurgen Kramer wrote:
> I noticed that with FC5t2 the iptables firewall still has the -j REJECT
> --reject-with icmp-host-prohibited rule instead of a more secure -j
> DROP. 

It isn't really much more secure and the drop behaviour would stop it working
out of the box for some users and environments. The goal for any automatic
firewalling setup has to be that users never feel it causes problems, or they
may just turn it off.

Technical users can install more advanced firewall tools like firestarter.

Alan
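
The client-side difference between the two targets discussed in this thread, as an added example that is not part of the original message: with `-j REJECT --reject-with icmp-host-prohibited` a Linux client's `connect()` fails at once with `EHOSTUNREACH`, while with `-j DROP` it gets no reply and waits for its timeout. The function names `classify` and `probe` are hypothetical, and the demo only talks to a listener it opens on loopback.

```python
import errno
import socket
import time


def classify(exc):
    """Map the outcome of a TCP connect() to the filter behaviour it implies."""
    if exc is None:
        return "open"
    code = getattr(exc, "errno", None)
    # No reply at all: the SYN was silently discarded (-j DROP).
    if isinstance(exc, socket.timeout) or code == errno.ETIMEDOUT:
        return "dropped"
    # ICMP destination-unreachable came back, e.g. icmp-host-prohibited (-j REJECT).
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "rejected"
    # TCP RST: the packet reached the host and nothing is listening there.
    if code == errno.ECONNREFUSED:
        return "closed"
    return "other"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection; return (verdict, seconds the caller waited)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:  # socket.timeout is an OSError subclass
        exc = e
    return classify(exc), round(time.monotonic() - start, 2)


if __name__ == "__main__":
    # Constructed errors standing in for what each firewall target produces.
    samples = [
        OSError(errno.EHOSTUNREACH, "No route to host"),   # REJECT
        socket.timeout("timed out"),                       # DROP
        OSError(errno.ECONNREFUSED, "Connection refused"), # unfiltered, closed
    ]
    for err in samples:
        print(f"{err!s:22} -> {classify(err)}")

    # Live check against a listener opened here on loopback.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        print(probe("127.0.0.1", srv.getsockname()[1]))
```

The elapsed time returned by `probe` is the part users notice: a rejected connection returns almost immediately, a dropped one costs the full timeout.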

