Please read the rest of the thread before criticizing. On Feb 13, 2013, at 9:58 AM, "Matthew X. Economou" <[email protected]> wrote: > khatfield@s... Writes: >> >> The less you do with the firewall (routing/blocking/inspecting) the >> better. >> >> Drop drop drop ;) > > I think this is really bad advice. A firewall should return > destination-unreachable/reset packets for administratively prohibited > traffic types. Drops, null routes, etc. should only be used in case of > emergency like ongoing DoS attacks or for special cases like stealth > firewalls. > > -- > I FIGHT FOR THE USERS > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"