From: "David Durst" <ddurst@larubber.com>

> >>But then again you may want to think twice about using a DEFAULT DROP
> >> firewall, DEFAULT DROP uses a lot of resources for packets you might
> >> just be able to ignore.
> >
> > That is false.
> >
> > DROP means "drop this packet on the floor and do not process it", which
> > is the least resource using of the bunch.
> >
> >>I you would like to understand more drop a line to me.
> >
> > LOL
> >
>
> Mike, I would rather not respond to any of your posts but I think in
> this case I am forced to. BTW - LOLs at typos are not needed.
>
> Mike by the very nature of what you stated about DROP it does have to DOOOOO
> something, yes it has to drop it - but then again why DROP a packet or even
> bother with inserting a rule if the packet won't do anything in the first
> place.
>
> I think the policy of just IGNORE packets that do nothing is the best.

<Pulls out her HUGE clue stick, beats David Durst about the head several
times, and quietly mentions that this is PRECISELY what DROP does. Not
using DROP ensures that something IS done with the packets even if it is
as simple as sending back a reject packet to indicate the port is not
opened.>

{o.o} <- Wondering if the clue stick worked.

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list