François TOURDE wrote:
> But I think DROP is the best way, 'cause it slows down NMAP or other
> sniffers.

nmap is not a sniffer but a portscanner. It's true that nmap is slowed down by DROP but this doesn't improve security very much and can have some annoying side effects (i.e. timeouts with ident-lookups).