[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?
- Subject: Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?
- From: "Dave" <maxdoubt@xxxxxx>
- Date: Sat, 11 Aug 2001 16:28:51 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
----- Original Message -----
From: "Scott F" <scott_falco@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, August 11, 2001 2:25 AM
Subject: [cobalt-security] IPChains/IPTables - DROP or DENY..?
> > A friend is insisting that IPChains will
> > accept the DROP command, but I can find *no*...
> >> DENY means to drop the packet on the floor.
> No, not exactly. I know they both do basically the
> same -The difference between the two are that DROP
> will drop the packet silently and DENY will return
> information. Drop also eat less memory on the system.
IPCHAINS definitions,
DENY: Do NOT accept the packet, do NOT reply. Basically, IGNORE the sender
REJECT: Do not accept the packet. If it's NOT an ICMP packet, send an ICMP
Host Unreachable reply to sender
Looks like you do want DENY........
Other acceptable Targets:
ACCEPT, MASQ, REDIRECT, RETURN...
Enjoy,
Dave~