Re: Block stupid/annoying sites
On Thu, Sep 02, 1999 at 10:53:47PM -0700, George Bonser wrote:
> >> What about using REJECT instead of DENY? That way the browser should
> there is something there that they are not allowed to access. They can simply
> adjust their activity from a different location to see if they can gain access
> to the rejected service.
Isn't it the other way round?
I can remember that "DENY" means "drop packet on the floor", while "REJECT"
means to send back an ICMP packet saying: "connection refused"
And when someone wants to connect to a port on which nothing is listening,
he/she will get an ICMP reply "connection refused" - for example if you
point your browser at a host without httpd running, you will get "connection
refused". But if there is a rule saying to DENY packets from you, you will
have to wait for a timeout.
Correct me if I'm wrong
just my 2c
Marcin
--
---------------------------------
Marcin Owsiany
porridge@pandora.info.bielsko.pl
---------------------------------
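
The difference discussed in this message, an immediate refusal versus a wait for a timeout, can be checked from the client side when testing your own filter rules. The following is an added example, not part of the original post; the function names and the loopback test are constructed for illustration, and the "no-reply" outcome only appears when a packet filter that silently drops traffic sits in the path.

```python
import errno
import socket
import time

def classify_connect(host, port, timeout=2.0):
    """Attempt one TCP connect; return (state, seconds_elapsed)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        # An error came straight back: nothing is listening, or a filter
        # rule answers instead of staying silent (the REJECT case).
        state = "refused"
    except socket.timeout:
        # No answer at all before the deadline: the packet was dropped
        # (the DENY case) or the host is unreachable.
        state = "no-reply"
    except OSError as exc:
        state = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return state, time.monotonic() - start


def demo():
    """Constructed loopback test: one listening port, one closed port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # port is now free, so nothing listens on it
    results = {
        "listening": classify_connect("127.0.0.1", open_port),
        "closed": classify_connect("127.0.0.1", closed_port),
    }
    listener.close()
    return results


if __name__ == "__main__":
    for name, (state, secs) in demo().items():
        print(f"{name:10s} {state:9s} {secs:.3f}s")
```
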