Re: Block stupid/annoying sites

To: debian-user list <debian-user@lists.debian.org>
Subject: Re: Block stupid/annoying sites
From: Marcin Owsiany <porridge@pandora.info.bielsko.pl>
Date: Fri, 3 Sep 1999 12:16:41 +0000
Message-id: <[🔎] 19990903121641.A17633@pandora.info.bielsko.pl>
Mail-followup-to: debian-user list <debian-user@lists.debian.org>
In-reply-to: <[🔎] XFMail.990902225347.grep@shorelink.com>; from George Bonser on Thu, Sep 02, 1999 at 10:53:47PM -0700
References: <[🔎] XFMail.990903052045.pollywog@shadypond.com> <[🔎] XFMail.990902225347.grep@shorelink.com>

On Thu, Sep 02, 1999 at 10:53:47PM -0700, George Bonser wrote:
> >> What about using REJECT instead of DENY?  That way the browser should

> there is something there that they are not allowed to access. They can simply
> adjust their activity from a different location to see if they can gain access
> to the rejected service.

Isn't it the other way round?
I can remember that "DENY" means "drop packet on the floor", while "REJECT"
means to send back an ICMP packet saying: "connection refused"
And when someone wants to connect to a port, on which nothing is listenning,
he/she will get an ICMP reply "connection refused" - for example if you
point your browser at a host without httpd running, you will get "connection
refused". But if there is a rule saying to DENY packets from you, you will
have to wait for a timeout.

correct me if i'm wrong

just my 2c

Marcin

-- 

---------------------------------
Marcin Owsiany
porridge@pandora.info.bielsko.pl
---------------------------------

Reply to:

Follow-Ups:
- Re: Block stupid/annoying sites
  - From: Pollywog <pollywog@shadypond.com>

References:
- Re: Block stupid/annoying sites
  - From: Pollywog <pollywog@shadypond.com>
- Re: Block stupid/annoying sites
  - From: George Bonser <grep@shorelink.com>

Prev by Date: Re: ipchains firewalling question
Next by Date: NetBIOS over IPX
Previous by thread: Re: Block stupid/annoying sites
Next by thread: Re: Block stupid/annoying sites
Index(es):
- Date
- Thread