What is better: DROP or REJECT?

Hello all!

What do you use more, DROP or REJECT, to decline some packets? What is more helpful/useful?

Regards,
Vadim.

For packets coming from outside, always use DROP. For packets coming from inside, use REJECT.

REJECT will send an ICMP message telling them it was rejected; however, it can be used to DDoS another person. Many DDoS attacks are spoofed sources that take advantage of REJECT vs DROP. It is advised to use DROP on your internet-facing resources. If you choose to use REJECT, at least rate limit it and use a drop as the next rule.

Sam
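The rate-limited REJECT followed by a DROP that Sam describes, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset. The interface names, rate and burst are assumptions, and `build_ruleset` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset in which the
# internet-facing interface answers with REJECT only up to a fixed rate
# and silently DROPs everything beyond it, while the internal interface
# always gets a REJECT. All argument values are assumptions.

build_ruleset() {
    wan_if="$1"    # internet-facing interface (assumed name, e.g. eth0)
    lan_if="$2"    # internal interface (assumed name, e.g. eth1)
    rate="$3"      # ceiling on REJECT replies, e.g. 10/second
    burst="$4"     # packets answered before the rate ceiling applies

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ACCEPT rules for the services you actually expose go here.
# Inside: tell local clients immediately that the port is closed.
-A INPUT -i $lan_if -j REJECT --reject-with icmp-port-unreachable
# Outside: at most $rate ICMP replies, so spoofed-source floods cannot
# turn this host into a reflector toward the spoofed address.
-A INPUT -i $wan_if -m limit --limit $rate --limit-burst $burst -j REJECT --reject-with icmp-port-unreachable
# Anything over the limit falls through to this rule and gets no reply.
-A INPUT -i $wan_if -j DROP
COMMIT
EOF
}

# Syntax-check before loading (needs root, so it is not run here):
#   build_ruleset eth0 eth1 10/second 20 | iptables-restore --test
```

The order matters: the `limit` match stops matching once the token bucket is empty, so excess packets reach the DROP rule directly below it.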

Sam, thanks a lot for that information.