[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] IPChains/IPTables - DROP or DENY..?
- Subject: [cobalt-security] IPChains/IPTables - DROP or DENY..?
- From: Scott F <scott_falco@xxxxxxxxx>
- Date: Fri, 10 Aug 2001 23:25:45 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> A friend is insisting that IPChains will
> accept the DROP command, but I can find *no*
> reference to IPChains accepting DROP in any
> manual or documentation so far.. I know
> IPTables accepts it, but I didn't think
> IPChains did.
>
>>From man ipchains:
>>
>> DENY means to drop the packet on the floor.
>>
>> Is that what you mean by DROP?
No, not exactly. I know they both do basically the
same -The difference between the two are that DROP
will drop the packet silently and DENY will return
information. Drop also eat less memory on the system.
--BUT-- To my understanding only IPTables can accept
the DROP (or DENY) command, IPChains only accepts
DENY. A friend is insisting that IPChains can accept
the DROP command as well and that I should change all
the DENY statements in my firewall to DROP instead..
But I'm almost sure DROP can only be used with
IPTables. That's what I'm trying to clarify.
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/