[ale] nmap and REJECT rules

Jonathan Rickman jrickman at gmail.com
Mon May 9 11:11:29 EDT 2005


DROP is better for keeping your ruleset hidden, but REJECT is better
for ridding yourself of broken clients, DHCP-related drag connections,
and other bandwidth-sucking nonsense. DROP is the proper choice in
99.9% of situations.

--
Jonathan

On 09 May 2005 09:50:40 -0400, Christopher Fowler
<cfowler at outpostsentinel.com> wrote:
> I have iptables to reject attempted connections to certain ports.  NMAP
> sees these as filtered.  I thought reject was to give the appearance
> that they are closed.  How does NMAP know that it is being filtered?
> Maybe DROP is a better rule?
>
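
Added example, not part of the original thread: a small Python model of why a default REJECT rule is reported as "filtered" by an nmap SYN scan while a TCP reset or an unfiltered closed port is reported as "closed". It assumes nmap's documented SYN-scan interpretation and the iptables REJECT default of `icmp-port-unreachable`; the ruleset, ports and function names are constructed for illustration.

```python
import shlex

# nmap SYN-scan reading of the reply to a probe (per nmap's port-scanning
# documentation): SYN/ACK -> open, RST -> closed,
# ICMP unreachable or no reply at all -> filtered.
NMAP_STATE = {"syn-ack": "open", "rst": "closed",
              "icmp-unreachable": "filtered", "none": "filtered"}

def parse_rule(line):
    """Parse the small subset of `iptables -A INPUT ...` syntax used below."""
    tok = shlex.split(line)
    # REJECT without --reject-with answers with icmp-port-unreachable.
    rule = {"dport": None, "target": None, "reject_with": "icmp-port-unreachable"}
    for i, t in enumerate(tok):
        if t == "--dport":
            rule["dport"] = int(tok[i + 1])
        elif t == "-j":
            rule["target"] = tok[i + 1]
        elif t == "--reject-with":
            rule["reject_with"] = tok[i + 1]
    return rule

def syn_reply(rules, port, listening):
    """Reply a TCP SYN to `port` would get; the first matching rule wins."""
    for r in rules:
        if r["dport"] in (None, port):
            if r["target"] == "DROP":
                return "none"
            if r["target"] == "REJECT":
                return "rst" if r["reject_with"] == "tcp-reset" else "icmp-unreachable"
            break  # ACCEPT: fall through to the TCP stack
    # No filtering rule matched: the host's TCP stack answers for itself.
    return "syn-ack" if port in listening else "rst"

def nmap_view(ruleset, port, listening=frozenset()):
    """State an nmap SYN scan would report for `port` under `ruleset`."""
    rules = [parse_rule(line) for line in ruleset]
    return NMAP_STATE[syn_reply(rules, port, listening)]

# Constructed ruleset; the ports are illustrative only.
RULES = [
    "iptables -A INPUT -p tcp --dport 23 -j REJECT",
    "iptables -A INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset",
    "iptables -A INPUT -p tcp --dport 111 -j DROP",
]

if __name__ == "__main__":
    for port in (23, 25, 111, 8080):
        print(port, nmap_view(RULES, port))
```

In this model only the `--reject-with tcp-reset` rule is indistinguishable from a port with no listener and no rule; the default REJECT and DROP both differ from that baseline, which is what reveals the filter.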


