
Re: [cobalt-security] IPChains/IPTables - DROP or DENY..?



----- Original Message -----
From: "Scott F" <scott_falco@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, August 11, 2001 2:25 AM
Subject: [cobalt-security] IPChains/IPTables - DROP or DENY..?


> > A friend is insisting that IPChains will
> > accept the DROP command, but I can find *no*...

> >> DENY means to drop the packet on the floor.

> No, not exactly. I know they both do basically the
> same. The difference between the two is that DROP
> will drop the packet silently and DENY will return
> information. DROP also eats less memory on the system.

IPCHAINS definitions,

DENY: Do NOT accept the packet, do NOT reply.  Basically, IGNORE the sender.
REJECT: Do not accept the packet.  If it's NOT an ICMP packet, send an ICMP
Host Unreachable reply to sender.

Looks like you do want DENY........

Other acceptable Targets:

ACCEPT, MASQ, REDIRECT, RETURN...

Enjoy,
Dave~
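
The following is an added example, not part of the original post: shell functions that check the `-j` target of ipchains rule lines against the targets listed above and flag `DROP`, the iptables target named in the thread subject. The function names and the sample rules are constructed for illustration, and treating any other target as a user-defined chain or a typo is an assumption.

```shell
#!/bin/sh
# Added example: check the -j target of ipchains rule lines.

# Print the word that follows -j in one rule line (empty if there is none).
rule_target() {
    set -f; set -- $1; set +f    # split into words; -f keeps '*' from globbing
    while [ $# -gt 1 ]; do
        if [ "$1" = "-j" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
}

# Classify one rule line using the definitions given in the post:
# DENY discards without replying, REJECT discards and sends an ICMP reply.
classify_rule() {
    t=$(rule_target "$1")
    case $t in
        "")     echo "no-target" ;;
        DENY)   echo "ok DENY silent-discard" ;;
        REJECT) echo "ok REJECT discard-with-reply" ;;
        ACCEPT|MASQ|REDIRECT|RETURN) echo "ok $t" ;;
        DROP)   echo "bad DROP iptables-target-use-DENY" ;;
        *)      echo "check $t user-chain-or-typo" ;;   # assumption, see lead-in
    esac
}

# Read rule lines on stdin and print "<line-no>: <verdict>" for every rule
# whose target is not one of the built-in ipchains targets.
lint_rules() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        verdict=$(classify_rule "$line")
        case $verdict in
            bad*|check*) echo "$n: $verdict" ;;
        esac
    done
}

# Constructed sample rules (not from the post).
SAMPLE_RULES='ipchains -A input -p tcp -s 0/0 -d 0/0 23 -j DENY
ipchains -A input -p tcp -s 0/0 -d 0/0 113 -j REJECT
ipchains -A input -p udp -s 0/0 -d 0/0 137 -j DROP'

printf '%s\n' "$SAMPLE_RULES" | lint_rules
```

Targets are matched case-sensitively, so a lower-case `drop` is reported under `check` rather than `bad`.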