ipchains rules: REJECT vs. DENY

To: debian-user@lists.debian.org
Subject: ipchains rules: REJECT vs. DENY
From: Matthew Thompson <mattyt@oz.net>
Date: Wed, 25 Jul 2001 09:44:46 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.1010725094416.21764B-100000@doma.mattyt.net>

Greetings, all,

Just looking for some opinions/feedback from y'all.

I'm responsible for a few servers that are connected to the internet.
They are all running 2.2.19 kernels with ipchains.  Ports are open for
apache, ftp, smtp, ssh and imap, but all others are closed with a policy
of REJECT.

I was talking with a friend of mine who said it's better to have a policy
of DENY since that doesn't return any information and if someone is trying
to attack the machine on a closed port, it will take much longer to figure
it out.

Are there any drawbacks to DENY?  Is there a general consensus on this
subject?

Thanks in advance for any suggestions. :)

Cheers....................

Matthew Thompson       http://mattyt.net
mattyt@oz.net          http://www.oz.net/~mattyt
-For better or worse, you can't change where you're
from or what you've done.  You can only hope to change
who you are and where you're going.  Provided that's
necessary, of course.


--  
To UNSUBSCRIBE, email to debian-testing-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: ipchains rules: REJECT vs. DENY
  - From: Jason Healy <jhealy@logn.net>

Prev by Date: Re: Carriage return in email headers, body, possibly Netcom problem
Next by Date: Re: Outlook to GNU/Linux mailbox conversion is possible with exis ting tools
Previous by thread: Re: apt on kde like gnome-apt on gnome (kapt ?)
Next by thread: Re: ipchains rules: REJECT vs. DENY
Index(es):
- Date
- Thread