On 2022-07-12 10:33, Gareth Evans wrote:
On Tue 12 Jul 2022, at 10:19, Maximiliano Estudies
I think it is just that 'reject' tells the remote system there is something listening.In most cases it's a best practice to configure all chains with _policy drop_ and then add rules for the traffic that you want to allowAll the nftables and PF howtos I have found take this approach.Why is it best practice? Is there any security advantage over rejection?
mick