* Peter Marshall <peter.marshall@xxxxxxxxx> 11. May 04:
> Which is better (to drop or reject packets)? I am asking more
> specifically for connections from the internet to my external
> firewall.

REJECT is somewhat more polite and suits common standards. However, if
your box is flooded with SYNs and your connection is disturbed, maybe
you should start DROPing packets.

> My second question is if I have a DNS in my DMZ (contains only IPs in
> my dmz. internal boxes use this as their DNS. This DNS falls back to
> my ISP), do I have to allow both TCP and UDP connections on port 53 ?
> Can I not just have UDP, or does it use both ?

Both.

HTH, regards, Frank.
-- 
Sigmentation fault