From: Brent Clark <bclark@eccotours.co.za>
To: netfilter@lists.netfilter.org
Subject: REJECT --reject-with icmp-host-unreachable vs DROP
Date: Mon, 27 Mar 2006 10:47:25 +0200 [thread overview]
Message-ID: <4427A69D.6010702@eccotours.co.za> (raw)
Hi all
Just something I would like to pick someones brain with.
If I use the default policy of drop, BUT at the end of the chain use the following
$IPT -t filter -A FORWARD -j REJECT --reject-with icmp-host-unreachable
Would that be ok, or does is another ICMP message I can reply back with.
Reason I ask this is because I find that by using the default policy (DROP), some applications keep retrying to make a
connection etc.
Where as this approach, seems to slow things down (I stand to correction on this).
If someone could maybe help me understand this or assit I would be most grateful.
Kind Regards
Brent Clark
next reply other threads:[~2006-03-27 8:47 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-27 8:47 Brent Clark [this message]
2006-03-27 9:21 ` REJECT --reject-with icmp-host-unreachable vs DROP Martijn Lievaart
2006-03-27 13:07 ` Menno Smits
2006-03-27 15:24 ` Nathaniel Hall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4427A69D.6010702@eccotours.co.za \
--to=bclark@eccotours.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.