DROP
1) DROP (or DENY) simply discards the packet, never to be seen again, and emits no response.
2) A DROP policy makes it appear to peers that your host is turned off or temporarily unreachable due to network problems.
3) Attempts to connect to TCP services will take a long time to fail, as clients receive no explicit rejection and must wait out their connection timeout.
REJECT
1) Responds to the packet with a friendly message back to the sender, something like "hello, I have rejected your packet".
2) Can leave you open to DoS (denial-of-service) attacks, since every rejected packet costs the host a reply.
Source: Linux Security Cookbook
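The two targets side by side in an iptables ruleset, as an added example that is not from the cookbook or the original post: a DROP default policy facing the WAN, REJECT with a TCP reset facing the LAN so internal clients fail fast, and the limit match capping how many rejections the host sends per second to address the DoS concern. Interface names, ports and the rate are assumptions; with IPT unset the script only prints the commands.

```shell
#!/bin/sh
# Dry-run by default: run with IPT=iptables (as root) to apply for real.
IPT="${IPT:-echo iptables}"

# Emit rules for a host that DROPs by default on the WAN interface but
# REJECTs on the LAN interface, with the rejection rate bounded.
emit_rules() {
    wan="$1"; lan="$2"
    # Default policy DROP: unsolicited packets get no answer at all, so to
    # an outside peer the host looks switched off or unreachable.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback and packets belonging to flows we already accepted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Assumed service: SSH allowed from the LAN only.
    $IPT -A INPUT -i "$lan" -p tcp --dport 22 -j ACCEPT
    # LAN side: answer other TCP attempts with a RST and UDP with an ICMP
    # port-unreachable, so internal clients fail immediately instead of
    # waiting out their connect timeout. The limit match caps how many
    # replies we generate per second (assumed rate), so a flood of probes
    # cannot turn the host into a reply generator (the DoS concern).
    $IPT -A INPUT -i "$lan" -p tcp -m limit --limit 20/second --limit-burst 50 \
        -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -i "$lan" -p udp -m limit --limit 20/second --limit-burst 50 \
        -j REJECT --reject-with icmp-port-unreachable
    # WAN side: explicit DROP, same behaviour as the policy, nothing sent back.
    $IPT -A INPUT -i "$wan" -j DROP
}

# Count emitted rules that jump to a given target (useful to inspect a dry run).
count_target() {
    emit_rules "$1" "$2" | grep -c -- "-j $3"
}

emit_rules eth0 eth1
```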