Gáspár Lajos wrote:
> IMHO:
> I do not like to waste resources.
> An "unwanted/unallowed" incoming packet is already wasting time/bandwidth.
> A reply (ICMP or whatever else) to this makes you waste your precious
> resources.
> (Think about the ASYMMETRIC DSL)

Don't misunderstand the request. It is not a request to prohibit the possibility of using DROP as the default policy for a chain, but one of *also* allowing use of REJECT as a default policy for a chain. It is simply easiest, from a configuration standpoint, to set default with a "-P".

There are times and conditions when DROP will be the appropriate default, there are times and conditions when REJECT is the appropriate default.

Currently REJECT can be done by adding it to the end of a chain, effectively making it default.

Regards
/Lars
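
Added example, not part of the original message: because a trailing catch-all rule overrides whatever "-P" says, an audit of a ruleset has to look at both. The sketch below reads iptables-save text and reports the effective default for a chain; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample ruleset in iptables-save format (not from the thread).
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# effective_default CHAIN (hypothetical helper): reads iptables-save text on
# stdin and prints "TARGET via trailing-rule" or "TARGET via policy".
effective_default() {
  awk -v chain="$1" '
    # Track which table we are in; only the filter table is examined.
    /^\*/ { table = substr($0, 2) }
    table != "filter" { next }
    # Chain declaration line, e.g. ":INPUT DROP [0:0]", carries the -P policy.
    $1 == (":" chain) { policy = $2 }
    # Remember the last rule of the chain; it only acts as a default when it
    # has no match conditions, i.e. "-j TARGET" follows the chain name directly.
    $1 == "-A" && $2 == chain { last = ($3 == "-j") ? $4 : "" }
    END {
      if (last == "ACCEPT" || last == "DROP" || last == "REJECT")
        print last " via trailing-rule"
      else
        print policy " via policy"
    }'
}

# Stand-alone run over the constructed sample.
for c in INPUT FORWARD OUTPUT; do
  printf '%s: %s\n' "$c" "$(sample_ruleset | effective_default "$c")"
done
```

In the sample, INPUT declares a DROP policy, yet unmatched packets are rejected with an ICMP port-unreachable because the last rule catches them first; FORWARD has no catch-all, so its DROP policy applies.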