Board: FB_security
Title: RE: FreeBSD DDoS protection
Posting site: NCTU CS FreeBSD Server (Wed Feb 13 18:58:04 2013)
Relay path: ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!!freebsdfreebsd.org!ow
khatfield@s... Writes:
>
> The less you do with the firewall (routing/blocking/inspecting) the
> better.
>
> Drop drop drop ;)
I think this is really bad advice. A firewall should return
destination-unreachable/reset packets for administratively prohibited
traffic types. Drops, null routes, etc. should only be used in case of
emergency like ongoing DoS attacks or for special cases like stealth
firewalls.
--
I FIGHT FOR THE USERS
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
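
What the return-versus-drop distinction in this reply looks like in a ruleset, as an added example that is not part of the original post. It assumes pf is the firewall in use; the interface name, table name and permitted ports are constructed for illustration.

```conf
# /etc/pf.conf (constructed example, not from the thread)

# Assumption: em0 is the external interface.
ext_if = "em0"

# Hypothetical table of sources identified during an ongoing DoS attack.
# It starts empty and is filled at runtime, so the drop rule below is
# inert in normal operation.
table <dos_sources> persist

# Default for "block" rules that carry no explicit keyword:
# TCP is answered with a RST, other protocols with ICMP unreachable.
set block-policy return
set skip on lo0

# Emergency case: silently discard traffic from known attack sources,
# so the firewall does not spend CPU or upstream bandwidth answering a flood.
block drop in quick on $ext_if from <dos_sources> to any

# Administratively prohibited traffic: answer it, so legitimate clients
# get an immediate error instead of waiting for a timeout.
block return in on $ext_if all

# Permitted services (constructed sample ports).
pass in on $ext_if proto tcp from any to any port { 22, 80, 443 }
pass out on $ext_if all
```

Because pf uses the last matching rule unless `quick` is set, the `quick` drop rule wins for listed sources while everything else falls through to `block return`.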