
Re: Block stupid/annoying sites

On Thu, Sep 02, 1999 at 10:53:47PM -0700, George Bonser wrote:
> >> What about using REJECT instead of DENY?  That way the browser should

> there is something there that they are not allowed to access. They can simply
> adjust their activity from a different location to see if they can gain access
> to the rejected service.

Isn't it the other way round?
I can remember that "DENY" means "drop packet on the floor", while "REJECT"
means to send back an ICMP packet saying: "connection refused".
And when someone wants to connect to a port, on which nothing is listening,
he/she will get an ICMP reply "connection refused" - for example if you
point your browser at a host without httpd running, you will get "connection
refused". But if there is a rule saying to DENY packets from you, you will
have to wait for a timeout.

Correct me if I'm wrong.

just my 2c



Marcin Owsiany
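
The two client-side outcomes described in the message above (an immediate "connection refused" versus waiting for a timeout) can be told apart when testing your own firewall rules. The sketch below is an added example, not part of the original post; the function name `classify_connect`, the helper `closed_local_port` and the verdict labels are assumptions of this example.

```python
import errno
import socket
import time


def classify_connect(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, elapsed_seconds).

    "open"        - handshake completed, something is listening
    "refused"     - an active refusal came back (closed port or a rejecting rule)
    "silent-drop" - nothing came back before the timeout (packet dropped)
    "unreachable" - a host/network unreachable error was reported
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except (socket.timeout, TimeoutError):
        verdict = "silent-drop"
    except ConnectionRefusedError:
        verdict = "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            verdict = "unreachable"
        else:
            raise
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def closed_local_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    # Constructed local test: a port with no listener answers immediately.
    verdict, elapsed = classify_connect("127.0.0.1", closed_local_port())
    print(f"closed loopback port: {verdict} after {elapsed:.3f}s")
```

The "silent-drop" verdict needs a packet-dropping rule in the path to reproduce, so the built-in demo only exercises the refused case on loopback.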
