iptables firewall default to drop instead of reject?

Alan Cox alan at redhat.com
Fri Jan 20 14:29:26 UTC 2006


On Fri, Jan 20, 2006 at 03:10:32PM +0100, Jurgen Kramer wrote:
> I noticed that with FC5t2 the iptables firewall still has the -j REJECT
> --reject-with icmp-host-prohibited rule instead of a more secure -j
> DROP. 

It isn't really much more secure and the drop behaviour would stop it working
out of the box for some users and environments. The goal for any automatic
firewalling setup has to be that users never feel it causes problems, or they
may just turn it off.

Technical users can install more advanced firewall tools like firestarter.

Alan
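
An added example, not part of the original message: a check an administrator can run against a host they manage to see what a client experiences under each rule. With REJECT the connect fails at once with an ICMP error, while with DROP it waits out the timeout. The names `classify` and `probe` are hypothetical, and the errno mapping assumes a Linux client.

```python
import errno
import socket
import time

OPEN = "open"
REFUSED = "refused (TCP RST: closed port or --reject-with tcp-reset)"
REJECTED = "icmp-unreachable (consistent with -j REJECT)"
DROPPED = "no reply (consistent with -j DROP)"
OTHER = "other"

# Errnos Linux reports when an ICMP destination-unreachable answers the SYN;
# icmp-host-prohibited surfaces as EHOSTUNREACH.
ICMP_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Label a TCP connect outcome; exc is None on success."""
    if exc is None:
        return OPEN
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return DROPPED
    if isinstance(exc, ConnectionRefusedError):
        return REFUSED
    if isinstance(exc, OSError) and exc.errno in ICMP_ERRNOS:
        return REJECTED
    return OTHER


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (label, seconds until the answer)."""
    start = time.monotonic()
    exc = None
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as e:
        exc = e
    return classify(exc), time.monotonic() - start


if __name__ == "__main__":
    # Constructed loopback demo: a listening port, then the same port closed.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(probe("127.0.0.1", port))
    srv.close()
    print(probe("127.0.0.1", port))
```

The labels say "consistent with" because a router on the path can also send ICMP unreachable, and a host that is simply down also gives no reply.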




More information about the fedora-test-list mailing list