[Fedora] Re: iptables: drop or reject?
Rahul Sundaram
sundaram at fedoraproject.org
Thu Oct 25 18:28:17 UTC 2007
Ashley M. Kirchner wrote:
> Manuel Arostegui Ramirez wrote:
>> In this case, I would choose to drop packets since they're not going
>> to stop, it's better not to increase the packets on your interface.
>>
> That's kinda what I thought too, however as far as the sending
> machine is concerned, because it didn't get anything back, it could
> potentially see it as a successful delivery and thus continue to deliver
> more and more crap. On the other hand, if it does get some kind of
> reset...
>
> I don't know. I certainly don't want to increase my traffic, but I
> also don't want to give them any reason to believe that they reached me
> and then increase the amount of crap they're sending.
By rejecting packets, you would be explicitly confirming that you are an
active connection instead of being a blackhole, which, like any spam you
confirm, can increase traffic. As you can see, this can play out both ways.
Rahul