On Sun, 1 Dec 2002, David Durst wrote:

>>>But then again you may want to think twice about using a DEFAULT DROP
>>> firewall, DEFAULT DROP uses alot of resources for packets you might
>>> just be able to ignore.
>>
>> That is false.
>>
>> DROP means "drop this packet on the floor and do not process it", which
>> is the least resource using of the bunch.
>>
>>>I you would like to understand more drop a line to me.
>>
>> LOL
>
>
>Mike, I would rather not respond to any of your posts but I think in
>this case I am forced to. BTW - LOLs at typos are not needed.

You're never forced to do anything. You make your own conscious decisions on what you choose to respond or not to respond to.

I wasn't laughing at your typo, and in fact did not even notice it until just now when trying to find a typo in what you said. I think everyone else realizes what the LOL was about though.

>Mike by the very nature of what you stated about DROP it does
>have to DOOOOO something, yes it has to drop it - but then again
>why DROP a packet or even bother with inserting a rule if the
>packet won't do anything in the first place.
>
>I think the policy of just IGNORE packets that do nothing is the
>best.

No offense intended, but you don't particularly come off as really knowing anything about iptables or Linux firewalling to be honest. People have attempted to correct your mistaken understanding of how things work, however you seem quite sure of yourself and not too willing to listen to the useful and correct advice and comments that others are supplying.

I'm inclined to believe that you will believe whatever you want to believe and no manner of attempting to help you understand what you're saying is wrong will change that. In other words, you've convinced yourself what is right, and won't listen to anyone else. You're free to do so of course, as it doesn't really affect anyone else. But it doesn't help you much either.

It's not particularly useful to argue or debate such things though, as people who do know how it works, already know and any part they play in the discussion is merely to try to help others to understand. They stand little to gain by arguing with someone who does not understand, but thinks they do. And people who think they know something and refuse to listen to people trying to straighten out their misunderstanding, aren't going to convince anyone who does know. It's basically conversational deadlock, and a waste of both parties' time.

Those who are out there reading both sides, and are not sure what to believe, should join the netfilter mailing list, or discuss the topics with various people considered true experts in the specific area. They'll likely be more than happy to explain firewall concepts to a beginner, or even someone who has been working with things for a while but isn't an expert in the area. The netfilter mailing lists are ultimately where to ask these types of things and get good proper answers.

--
Mike A. Harris ftp://people.redhat.com/mharris
OS Systems Engineer - XFree86 maintainer - Red Hat

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list