Re: rst or drop when defining PF firewall rules.

From: sam
Date: 11/09/04

Date: Tue, 09 Nov 2004 13:51:19 +0800

Conrad J. Sabatier wrote:
> In article <cmn5v4$1mnn$>, sam <> wrote:

> Better to drop. This saves bandwidth, and may even lead a would-be attacker
> to conclude there's nothing there.
> Sending any sort of reply only confirms for them that they've found a target
> to work on.

I also agree with this setting in the firewall. But I don't understand why PF
or other firewalls also include an option for sending "rst" as an
alternative. There may be a reason, but I can't find a clear answer to this.

Is this for _backward_ compatibility?