
Re: nft newbie



On Tue 12 Jul 2022, at 10:19, Maximiliano Estudies <maxiestudies@gmail.com> wrote:

> drop and reject are not equivalent.

Fair enough

[...]
> In most cases it's a best practice to configure all chains with
> _policy drop_ and then add rules for the traffic that you want to
> allow 

All the nftables and PF howtos I have found take this approach.

Why is it best practice?  Is there any security advantage over rejection?  

Thanks,
Gareth

