> > I agree that it is important to block certain UDP ports/traffic. What
> > the issue is, is what is the purpose of REJECTing a UDP packet versus
> > DROPping the UDP packet? My point is, sending back a REJECT message
> > doesn't make sense with UDP.

Why not? RFCs say that a closed UDP port should elicit icmp dest.unreach./port unreach. So it does make sense to be in conformance with the standards.

That is how portscanners see if a port is closed or not. If you drop the packets, it may mean that the port is either open or is filtered.

Regards,
Maciej
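As an added illustration of the point made in the reply above (example code, not from the thread), this Python probe classifies a UDP port the way the reply describes: an ICMP port unreachable (what a closed port, or a firewall REJECT rule, sends back) surfaces on a connected UDP socket as ECONNREFUSED, while silence (a DROP rule, or an open service that does not answer) cannot be told apart. The listener helpers and the 127.0.0.1 targets are constructed for the demo; it assumes a Linux-style stack that delivers the ICMP error to a connected UDP socket.

```python
import socket
import threading


def probe_udp(host: str, port: int, payload: bytes = b"\x00", timeout: float = 1.0) -> str:
    """Classify one UDP port from the sender's point of view.

    'closed'        -> ICMP port unreachable came back (RFC behaviour, also
                       what a REJECT rule produces); the kernel reports it on
                       a connected UDP socket as ECONNREFUSED.
    'open'          -> a datagram came back from a service.
    'open|filtered' -> nothing came back: DROPped, or open but silent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected, so ICMP errors are delivered to us
        try:
            s.send(payload)
            s.recv(1024)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def free_udp_port() -> int:
    """Port nothing is bound to (constructed: bind to 0, read it, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def silent_listener() -> socket.socket:
    """Bound UDP socket that never replies: looks exactly like a DROP rule."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    return s


def echo_listener() -> socket.socket:
    """Bound UDP socket answered once by a helper thread: an open, talking service."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))

    def serve() -> None:
        data, peer = s.recvfrom(1024)
        s.sendto(data, peer)

    threading.Thread(target=serve, daemon=True).start()
    return s
```

Probing `free_udp_port()` returns "closed", a `silent_listener()` port returns "open|filtered", and an `echo_listener()` port returns "open"; the first two are indistinguishable from REJECT and DROP respectively, which is the ambiguity the reply points out.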