LinuxQuestions.org


enyawix 05-31-2011 10:37 PM

How do I DROP filtered packets on a Cisco router
 
I bought a Cisco 1841 to study for Cisco certs. In iptables terms, filtered packets are -j REJECT instead of -j DROP. To make things worse, telnet and ping replies are on by default.

acid_kewpie 06-01-2011 01:58 AM

What are you actually asking? Do you just need to read up on IOS IP access-list commands? Sounds like you simply need to study Cisco configuration in general.

enyawix 06-01-2011 07:34 AM

I asked here because no one in my Cisco class seems to know the difference between rejecting a packet and dropping a packet. Computer users are just as good as they once were.

acid_kewpie 06-01-2011 07:36 AM

reject = tell the client to go $#@! themselves
drop = ignore the client

rejecting is, somewhat oddly, more polite, but does also logically "leak" information in that the service, or at least the end system, does probably exist and someone doesn't want you playing with it.
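
The reject-versus-drop distinction from the reply above, as an added Cisco IOS configuration sketch that is not from any poster in this thread: an interface by default answers ACL-denied packets with an ICMP unreachable (the REJECT-like behaviour), and `no ip unreachables` makes the deny silent (DROP-like). The ACL name, the interface and the 192.0.2.10 address are constructed placeholders.

```cisco
! Constructed example: inbound filter on the outside interface.
! 192.0.2.10 is a documentation-range address standing in for a
! published server; OUTSIDE-IN is a hypothetical ACL name.
ip access-list extended OUTSIDE-IN
 ! Return traffic for connections opened from the inside
 permit tcp any any established
 ! The one service that is meant to be reachable
 permit tcp any host 192.0.2.10 eq 443
 ! Everything else is denied. This is also the implicit last
 ! entry of every ACL; writing it out keeps per-entry counters.
 deny ip any any
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
 !
 ! Default (ip unreachables enabled): a packet hitting the deny
 ! entry is answered with ICMP type 3 code 13, "administratively
 ! prohibited". In iptables terms this is roughly
 !   -j REJECT --reject-with icmp-admin-prohibited
 ! and it tells the sender that a filter exists at this hop.
 !
 ! Suppress the reply so the deny behaves like -j DROP:
 no ip unreachables
```

With `no ip unreachables` applied, a denied probe times out instead of getting an immediate ICMP answer, so the sender learns nothing about the filter from this interface.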

enyawix 06-23-2011 08:24 PM

Thanks for replying. You are the only person who understands the problem. $1k router and I hate it. I went back to iptables because I see the Cisco as a security risk.

acid_kewpie 06-24-2011 01:26 AM

Quote:

Originally Posted by enyawix (Post 4394174)
Thanks for replying. You are the only person who understands the problem. $1k router and I hate it. I went back to iptables because I see the Cisco as a security risk.

Well, with all due respect, that's just daft. A Cisco router is NOT a security risk; a Cisco router and a network administrator without the right skills is a security risk. I would *ALWAYS* prefer a dedicated high quality security device to iptables.

