On Thu, Sep 02, 1999 at 10:53:47PM -0700, George Bonser wrote:
>
>> What about using REJECT instead of DENY? That way the browser should
> there is something there that they are not allowed to access. They can simply
> adjust their activity from a different location to see if they can gain access
> to the rejected service.

Isn't it the other way round? I can remember that "DENY" means "drop packet on
the floor", while "REJECT" means to send back an ICMP packet saying:
"connection refused".

And when someone wants to connect to a port on which nothing is listening,
he/she will get an ICMP reply "connection refused" - for example, if you point
your browser at a host without httpd running, you will get "connection
refused". But if there is a rule saying to DENY packets from you, you will have
to wait for a timeout.

Correct me if I'm wrong.

Just my 2c

Marcin
--
---------------------------------
Marcin Owsiany [EMAIL PROTECTED]
---------------------------------
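
Added example, not part of the original message: a client-side check for verifying your own filter rules, separating the immediate "connection refused" from the wait-for-timeout case the message describes. The names `probe` and `classify` and the result labels are assumptions of this example; a "refused" result covers both a port with nothing listening and, per the message above, a REJECT rule.

```python
import errno
import socket

# What each connect() outcome lets the client infer (labels are this example's own).
MEANING = {
    "open": "handshake completed; a service is listening",
    "refused": "immediate error; nothing listening, or a REJECT-style rule answered",
    "no-reply": "nothing came back before the timeout; consistent with DENY (drop)",
    "unreachable": "an ICMP host/network unreachable error was returned",
    "other": "some other socket error",
}

def classify(exc):
    """Map the exception from a TCP connect (or None on success) to a label."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "no-reply"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "other"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and report how the far end (or a filter) reacted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def unused_local_port():
    """Pick a loopback port that has no listener (constructed test fixture)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    # Constructed loopback demo: one listening port, one closed port.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    for port in (srv.getsockname()[1], unused_local_port()):
        result = probe("127.0.0.1", port)
        print(port, result, "-", MEANING[result])
    srv.close()
```

The timeout case cannot be reproduced on loopback without a drop rule in place; run `probe` against a host you administer before and after switching the rule's target to see the difference.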