iptables firewall default to drop instead of reject?

[Jurgen Kramer]

I noticed that with FC5t2 the iptables firewall still has the -j REJECT
--reject-with icmp-host-prohibited rule instead of a more secure -j
DROP. 
What is the reason behind this? 

Maybe there should be an 'advanced' option in the system-config-
securitylevel which let you choose to do a drop instead of sending icmp
host prohibited messages. I think this is a sensible option for servers
connected to the Net.

You can of course alter the file /etc/sysconfig/iptables by hand but
this can possibly be overwritten by system updates.

Jurgen