Blocking selected clients with iptables

Chris Carey chris.carey at gmail.com
Tue Jan 3 08:44:05 MST 2006


Coryey's rule is definately the most correct. I'm going to update some
of my own firewall rules as a result.

Generally its best to use DROP on Internet interfaces. Use REJECT on
LAN interfaces.

On a LAN, there is no reason to make your other clients wait around
for packet timeouts due to packets being DROPped. Using REJECT can
speed your network up significantly. Some people even argue that DROP
is not nice on the Internet, but it does have the benefit of making
you stealthy.



More information about the PLUG mailing list