From: Tom E. <te...@sh...> - 2002-05-29 16:17:21

On Sat, 25 May 2002, John Stroud wrote:

> I'm probably missing something, but what is the difference between lower
> and upper case versions of the iptables' policies?
>
> The reason I ask, is I was troubleshooting some anomalies with scans and
> port 135 showing as closed, when I thought it should be blocked. What I
> found was two instances of policies stating 'reject' rather than
> 'REJECT' in the common.def file -- one for port 135 and one for AUTH
> blocking.
>
> Changing the case to upper does seem to change how the iptables -L
> command displays the rule, but I just fail to fathom what the difference
> means.
>

REJECT is a builtin target provided by Netfilter that by default rejects
the connection request with an ICMP port unreachable response.

'reject' is a chain created by Shorewall that responds to TCP connection
requests with a TCP RST and that responds to UDP connection requests with
an ICMP port unreachable response.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ te...@sh...
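
Added example (not part of the original message and not Shorewall's own code): a small Python evaluator over a constructed ruleset, showing that `-j reject` is a jump into a user-defined chain while `-j REJECT` is the builtin target. The chain contents, the rule layout and the function names are assumptions made for illustration.

```python
import shlex

# Constructed ruleset in iptables command syntax (illustration only, not the
# rules Shorewall actually generates). Lowercase `reject` is a user-defined chain.
RULES = """\
-N reject
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -p udp -j REJECT
-A INPUT -p tcp --dport 135 -j reject
-A INPUT -p udp --dport 135 -j reject
-A INPUT -p tcp --dport 113 -j REJECT
"""

def parse(text):
    """Return {chain: [options dict, ...]} built from -N and -A lines."""
    chains = {"INPUT": []}
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-N":
            chains.setdefault(tok[1], [])
        elif tok[0] == "-A":
            # Every option in this sample takes exactly one argument.
            opts = dict(zip(tok[2::2], tok[3::2]))
            chains.setdefault(tok[1], []).append(opts)
    return chains

def reply(chains, proto, dport, chain="INPUT"):
    """Walk `chain` and return the reply the sender receives, or None."""
    for rule in chains[chain]:
        if rule.get("-p", proto) != proto:
            continue
        if "--dport" in rule and int(rule["--dport"]) != dport:
            continue
        target = rule["-j"]
        if target == "REJECT":
            # Builtin target: ICMP port unreachable unless --reject-with is set.
            return rule.get("--reject-with", "icmp-port-unreachable")
        if target in chains:
            # Jump into a user-defined chain; chain names are case-sensitive.
            result = reply(chains, proto, dport, target)
            if result:
                return result
    return None
```

A TCP scanner that receives the RST reports the port as closed, which matches the port 135 result described in the question.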