* David Cannings <lists@xxxxxxxxx> 31. May 04:
> On Monday 31 May 2004 10:45, Frank Gruellich wrote:
> > * Markus Zeilinger <mz@xxxxxxxxxxxxxxxxxx> 31. May 04:
> > > - Why is DROP bad here? As I see REJECT would send an error message
> > > back to the source, but this would not make any sense on packets
> > > coming on the WAN interface with private IP addresses, or am I wrong?
> > [misconfigured box]
> Can you please explain how a TCP RST or ICMP message is supposed to get
> back to a spoofed RFC 1918 (or otherwise reserved) address?

What makes you think the address is spoofed? I assumed somebody just
configured its external interface wrong. Some antique idea, that not all
people are bad guys.

> Sending replies of any sort out of a WAN interface onto the Internet
> to a reserved or private address is very bad practice.

Yes, okay, you are right. Sorry, a reflex, when I see -j DROP.

> Some would even argue that sending to unallocated space is bad.

What do you mean with unallocated space?

Thank you,
regards, Frank.
-- 
Sigmentation fault
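
The rule ordering this exchange arrives at, as an added example that is not part of the original message: silently DROP WAN packets whose source is private or reserved, and keep REJECT for routable sources where a reply can actually be delivered. The interface name, the chain layout and the two non-RFC 1918 ranges are assumptions; the function only prints an iptables-restore fragment and does not change the running firewall.

```shell
#!/bin/sh
# Added example: generates rules as text, nothing is applied.

# RFC 1918 ranges are the ones named in the thread.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
# Assumed reading of "otherwise reserved": loopback and link-local.
OTHER_RESERVED="127.0.0.0/8 169.254.0.0/16"

# wan_filter_rules <wan-if>: print an INPUT ruleset for the WAN side.
wan_filter_rules() {
    wan_if="$1"
    [ -n "$wan_if" ] || { echo "usage: wan_filter_rules <wan-if>" >&2; return 1; }

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # DROP first: a TCP RST or ICMP error for these sources would leave
    # the WAN interface addressed to a private or reserved destination.
    for net in $RFC1918 $OTHER_RESERVED; do
        echo "-A INPUT -i $wan_if -s $net -j DROP"
    done

    # Everything that reaches this point has a routable source, so an
    # explicit refusal tells a legitimate client the port is closed.
    echo "-A INPUT -i $wan_if -p tcp -j REJECT --reject-with tcp-reset"
    echo "-A INPUT -i $wan_if -j REJECT --reject-with icmp-port-unreachable"
    echo "COMMIT"
}
```

Piping the output of `wan_filter_rules eth0` into `iptables-restore --test` parses the ruleset without committing it.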