I'd like to add the ability to use the REJECT target as a default policy to the netfilter / iptables wishlist.

Using REJECT as a default is currently possible as a kludge; a few steps would be saved by allowing it as a default policy. Perhaps that might even speed up some filtering in some cases.

A good (IMHO) discussion of DROP vs REJECT has been written by Peter Benie:
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

Regards,
/Lars