6 Nov
2013
6 Nov
'13
noon
On 11/06/2013 01:26 PM, mick wrote:
I disagree. Dropping all traffic other than that which is explicitly required is IMHO a better practice. (And how do you know in advance which ports get attacked?)
Using reject instead of drop simplifies troubleshooting.
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
Drop tends to get in the way.
Regards, /Lars