While setting up firewall rules, the biggest question that arises while blocking a packet is, whether to reject or drop that packet.
Reject a packet – Block the packet with an error response to the sender of the packet.
Drop a packet – Block the packet without any response to the sender of the packet.
Dropping the packet is much better than Rejecting the packet for the following reasons:
- Sending an error response increases the network traffic, causing unnecessary congestion.
- Sending an error response can cause Denial-of-Service(DOS) attack.
- In the error response, unknowingly we may be giving useful information to a would-be attacker.