Linux-Iptables

From DevRandom


Difference between DROP and REJECT

DROP silently discards the packet, while REJECT discards the packet and sends an ICMP error (port unreachable) message back. DROP is stealthier and reveals less, but it can also cause the TCP stack on the sender's machine to wait and then send another SYN packet, possibly repeating several times. You can also modify REJECT to send a "host unreachable" type instead of the default "port unreachable". This tells the sender that either there is no server or it is completely down.
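To check from the sender's side which behaviour one of your own rules produces, the following added example (not part of the original page) times a TCP connect and maps the result to the cases described above. The function names `classify` and `probe` are hypothetical, and the errno mapping assumes a Linux client.

```python
import errno
import socket
import time

# Rules this check is meant to tell apart (shown for reference, not run here):
#   iptables -A INPUT -p tcp --dport 8080 -j DROP
#   iptables -A INPUT -p tcp --dport 8080 -j REJECT
#   iptables -A INPUT -p tcp --dport 8080 -j REJECT --reject-with icmp-host-unreachable
# Port 8080 is a constructed sample value.

def classify(exc):
    """Map the outcome of a TCP connect to the likely firewall action."""
    if exc is None:
        return "open: connection accepted"
    # Check the timeout first: it is also an OSError, but carries no errno.
    if isinstance(exc, socket.timeout):
        return "no reply: consistent with DROP (SYNs were retried until timeout)"
    if isinstance(exc, OSError):
        if exc.errno == errno.ECONNREFUSED:
            return "refused: closed port or REJECT with port unreachable"
        if exc.errno == errno.EHOSTUNREACH:
            return "unreachable: REJECT with host unreachable, or no route"
    return "other error: %r" % (exc,)

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; return (verdict, seconds elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:  # includes socket.timeout
        exc = e
    return classify(exc), time.monotonic() - start

if __name__ == "__main__":
    # Constructed offline demo: a loopback listener, then the same port closed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening :", probe("127.0.0.1", port))
    srv.close()
    # With no listener the kernel answers at once, as REJECT would; a DROP
    # rule would instead make this call take the full timeout.
    print("closed    :", probe("127.0.0.1", port))
```

The elapsed time is the practical difference: a rejected connect fails almost immediately, while a dropped one blocks until the timeout expires.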
