[Fedora] Re: iptables: drop or reject?

John Summerfield debian at herakles.homelinux.org
Thu Oct 25 23:22:39 UTC 2007


Ashley M. Kirchner wrote:
> Manuel Arostegui Ramirez wrote:
>> In this case, I would choose to drop packets since they're not going 
>> to stop, it's better not to increase the packets on your interface.
>>   
>    That's kinda what I thought too, however as far as the sending 
> machine is concerned, because it didn't get anything back, it could 
> potentially see it as a successful delivery and thus continue to deliver 
> more and more crap.  On the other hand, if it does get some kind of 
> reset...

It won't continue the conversation if nobody's listening. I'd drop the 
packet so as to slow the culprit down.

Whether it has any measurable effect is subject to some debate, but I 
feel better that way;-)

I don't know a good reason to reject anyone's traffic other than mine.



-- 

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list



