Henning Brauer wrote:
> * Chris Smith <[EMAIL PROTECTED]> [2007-04-25 00:42]:
>> Using openbsd as a firewall in several cases - a few small businesses, and
>> also for home use. Some websites, such as grc.com, stress that "stealth
>> mode"
>> (which openbsd handles with ease) is the safest. But I've also read that
>> using 'return' instead of 'drop' is good netizenship. So I'm wondering how
>> others are handling this and what recommendations you might have.
>
> "stealth" mode is totally overrated.
>

For my clarification, are we talking about "stealth mode" as in dropping everything (including pings) from untrusted hosts, or the default block-policy (drop vs. return)? Based on this discussion, I'm trying to decide if I want to change our firewall block-policy to 'return' even though we already allow ping and 'return' traffic to the firewalls themselves so things like traceroute can work.