[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] IPChains/IPTables - DROP or DENY..?

Subject: [cobalt-security] IPChains/IPTables - DROP or DENY..?
From: Scott F <scott_falco@xxxxxxxxx>
Date: Fri, 10 Aug 2001 23:25:45 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> A friend is insisting that IPChains will
> accept the DROP command, but I can find *no* 
> reference to IPChains accepting DROP in any 
> manual or documentation so far.. I know 
> IPTables accepts it, but I didn't think 
> IPChains did.
>
>>From man ipchains:
>>
>> DENY means to drop the packet on the floor.
>>
>> Is that what you mean by DROP?

No, not exactly. I know they both do basically the
same -The difference between the two are that DROP
will drop the packet silently and DENY will return
information. Drop also eat less memory on the system.

--BUT-- To my understanding only IPTables can accept
the DROP (or DENY) command, IPChains only accepts
DENY. A friend is insisting that IPChains can accept
the DROP command as well and that I should change all
the DENY statements in my firewall to DROP instead..
But I'm almost sure DROP can only be used with
IPTables. That's what I'm trying to clarify.

__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

Follow-Ups:
- Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?
  - From: Dave
- Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?
  - From: Ted Behling

Prev by Date: [cobalt-security] OpenSSH 2.9p2 pkgs released
Next by Date: Re: [cobalt-security] bad migration experience
Previous by thread: Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?
Next by thread: Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index