On Tue, 2004-05-11 at 14:17, Frank Gruellich wrote: > > * Chris Brenton <cbrenton@xxxxxxxxxxxxxxxx> 11. May 04: > > I like rejecting with host-unreachables as it makes it look like you > > do not have a firewall. > > I hope you do this only in the FORWARD chain, don't you? Yup. Host unreachables originating from the host that is suppose to be unreachable don't have quite the same effect. ;-) C
