On Wed, Feb 26, 2020 at 09:54:09PM +0300, Reco wrote:
> Hi.
>
> On Wed, Feb 26, 2020 at 01:50:40PM -0500, Lee wrote:

[...]

> > Have you considered REJECT instead of DROP?
>
> A neat idea for your LAN. A bad idea in this case.

Exactly.

> You *want* that other side to retry, wasting their time instead of
> spamming their target. In fact, one should consider using TARPIT instead
> of a DROP here.

Moreover: you don't want the other side to even know that you're there.
The less info you give away the better.

In a LAN, however, REJECT is far better: you want the other side to
know that you're there, but not talking.

Cheers
-- t
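The split described in the message above (silent DROP toward the Internet, REJECT toward the LAN) written out as an iptables-restore ruleset. This is an added example, not part of the original thread; the function name `gen_rules` and the interface names passed to it are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset that
# DROPs unsolicited traffic on the Internet-facing interface and REJECTs it
# on the LAN-facing one. Interface names are caller-supplied assumptions.
#
# Dry-run check before loading:  gen_rules eth0 eth1 | iptables-restore --test
gen_rules() {
    wan="$1"   # Internet-facing interface (assumed name, e.g. eth0)
    lan="$2"   # LAN-facing interface (assumed name, e.g. eth1)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ACCEPT rules for the services you actually offer go here, above the rest.
# LAN: answer with a refusal, so local clients fail at once, not on a timeout.
-A INPUT -i $lan -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i $lan -j REJECT --reject-with icmp-port-unreachable
# Internet: no reply at all; the sender learns nothing and waits on retries.
# (TARPIT, suggested in the thread, needs the xtables-addons package and,
# unlike DROP, does answer the sender.)
-A INPUT -i $wan -j DROP
COMMIT
EOF
}
```
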