Re: rst or drop when defining PF firewall rules.

From: sam (sam.wun_at_authtec.net)
Date: 11/09/04


Date: Tue, 09 Nov 2004 13:51:19 +0800

Conrad J. Sabatier wrote:
> In article <cmn5v4$1mnn$1@news.hgc.com.hk>, sam <sam.wun@authtec.net> wrote:
>
>>
>
> Better to drop. This saves bandwidth, and may even lead a would-be attacker
> to conclude there's nothing there.
>
> Sending any sort of reply only confirms for them that they've found a target
> to work on.
>
I also agree with this setting in the firewall. But I don't understand why PF
or other firewalls also include an option for sending "rst" as an
alternative. There may be a reason, but I can't find a clear answer to this.

Is this for _backward_ compatibility?

Sam.
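For readers following the thread, here is an added pf.conf fragment (not posted by Sam or Conrad) that puts both behaviours side by side. The observable difference is on the client: a dropped SYN leaves the client retransmitting until its connect timeout expires, while a `return-rst` answers with a TCP RST so the client gets "connection refused" immediately. That is the usual reason the option exists: on the outside interface silent drops give away nothing, but on the inside you do not want legitimate users waiting minutes for a blocked port, and ident/auth (tcp/113) probes from remote mail and IRC servers are commonly answered with a RST so those servers do not stall before delivering. Interface names `em0`/`em1` and the port list are assumptions for illustration; check the syntax with `pfctl -nf /etc/pf.conf` before loading it.

```pf
# Added example, not from the original thread. Interface names are assumptions.
ext_if = "em0"   # assumed: Internet-facing interface
int_if = "em1"   # assumed: LAN interface

# Site-wide default: anything not explicitly passed is silently dropped.
# "set block-policy drop" is also the default if you leave this line out.
set block-policy drop
block in log all

# Outside: stay silent. No RST, no ICMP unreachable, nothing to confirm
# that a host is listening behind the firewall.
block drop in on $ext_if all

# Exception on the outside: answer ident/auth lookups (tcp/113) with a RST so
# remote mail and IRC servers get an immediate refusal instead of a long hang.
block return-rst in on $ext_if proto tcp from any to ($ext_if) port auth

# Inside: refuse blocked ports immediately. "return" sends a RST for TCP and
# an ICMP unreachable for UDP, so LAN clients fail fast instead of timing out.
# The port list is an assumption for illustration.
block return in on $int_if proto tcp from $int_if:network to any port { 3389 6881 }

# Services we actually offer.
pass in on $ext_if proto tcp from any to ($ext_if) port { ssh www } flags S/SA keep state
pass out on $ext_if all keep state
```

Rule order matters here: PF uses last-matching rule wins, so the `return-rst` rule for port 113 must come after the general `block drop in on $ext_if all` line, and the `pass` rules after both. You can test the client-side effect from a LAN host with `nc -vz -w 5 <host> 3389`: against the `return` rule it reports a refusal at once, against a `drop` rule it sits for the full 5 seconds.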