On Mon, Mar 03, 2003 at 06:28:01PM +0100, Michael K wrote:
> I saw this rule somewhere on the net.
> $IPTABLES -A FORWARD -o $EXTERNALIF -p udp --dport 137 -j REJECT
>
> What's the use to use reject on a UDP packet? Isn't udp connection-less?
> A more correct shouldn't that be "-j DROP"? Or am I thinking wrong here?

REJECT is "return some ICMP code saying 'no go'", usually something like
'port unreachable'. DROP is "just forget about this packet, send nothing
back to the source". Thus the difference has nothing to do with
connectionful vs. connectionless.

-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
  Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
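What the sender of a UDP datagram observes in each case, as an added example that is not part of the original message. It assumes Linux loopback behaviour: a closed local port stands in for a REJECT that returns ICMP 'port unreachable', and a bound socket that never answers stands in for DROP. The names probe_udp and demo are chosen here for illustration.

```python
import socket


def probe_udp(host, port, timeout=1.0):
    """Send one UDP datagram and classify what comes back to the sender."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it only fixes the peer so
        # the kernel can hand ICMP errors about that peer to this socket.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(1024)
            return "reply"
        except ConnectionRefusedError:
            # An ICMP 'port unreachable' came back: what REJECT produces.
            return "rejected"
        except socket.timeout:
            # Nothing came back at all: what DROP produces.
            return "silent"


def demo():
    """Return (result for a closed port, result for a silent listener)."""
    # Constructed stand-in for DROP: a bound socket that never reads or replies.
    sink = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sink.bind(("127.0.0.1", 0))
    # Constructed stand-in for REJECT: reserve a port, then close it so the
    # kernel answers datagrams sent there with ICMP 'port unreachable'.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        rejected = probe_udp("127.0.0.1", closed_port)
        dropped = probe_udp("127.0.0.1", sink.getsockname()[1], timeout=0.5)
        return rejected, dropped
    finally:
        sink.close()


if __name__ == "__main__":
    print(demo())
```

The rejected probe fails immediately, while the dropped one can only be told apart from packet loss by waiting out the timeout.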