Re: Linux NATting does not support NAT hole punching?

On Mon, 13 Aug 2018 20:15:26 +0000
Robert White <rwhite@xxxxxxxxx> wrote:

> ...
> As for DROP versus REJECT :: Using REJECT in most firewall rules is
> considered harmful as it generates return traffic. In the case of casual
> misuse of services that's fine, but in terms of overall internet
> citizenship it's bad. If I send you a well crafted packet with my
> enemy's IP address as the source address, your system's REJECT events
> will generate traffic towards my target. This reflection of traffic lets
> me use your host (among many) to DDOS a third party.
> 
> Having a reflection like this on your host can actually attract bad
> actors to your firewall as you may eventually be found by a bot net and
> used for this sort of attack with some frequency.

Internal hosts should be REJECTed; the last thing you want to deal with are local users whining about how slow the internet is. Internet hosts should be DROPped (unless, perhaps, you happen to know and trust that host).

N
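The rule of thumb in the reply above, written out as an nftables ruleset. This is an added example, not from the thread or any poster; the interface names, the LAN prefix and the accepted service ports are assumptions.

```nft
#!/usr/sbin/nft -f
# Assumed values: adjust to the real interfaces and internal prefix.
define lan_if  = "eth1"           # assumed LAN-facing interface
define wan_if  = "eth0"           # assumed internet-facing interface
define lan_net = 192.168.1.0/24   # assumed internal prefix

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Internal hosts: allow the offered services, and answer everything
        # else explicitly (TCP RST or ICMP admin-prohibited) so local clients
        # fail immediately instead of sitting in connection timeouts.
        iif $lan_if ip saddr $lan_net tcp dport { 22, 80, 443 } accept
        iif $lan_if ip saddr $lan_net meta l4proto tcp reject with tcp reset
        iif $lan_if ip saddr $lan_net reject with icmpx type admin-prohibited

        # Internet side: drop silently. Nothing is sent back, so a packet with
        # a forged source address cannot turn this host into a reflector.
        iif $wan_if drop
    }
}
```

The final `iif $wan_if drop` is redundant with the chain's `policy drop`; it is kept so the DROP-for-internet decision is visible in the rule list rather than implied by the policy.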
