Firewall – Reject or Drop a packet

When writing firewall rules, the first question that comes up for traffic you intend to block is whether to reject or drop it.

Reject a packet – Discard the packet and send an error back to the sender: a TCP RST for TCP, or an ICMP error (for example port unreachable or administratively prohibited) for other protocols. The sender learns immediately that the connection was refused.

Drop a packet – Discard the packet silently, with no response to the sender. The sender only finds out when its connection attempt times out.

Dropping is usually the better choice for traffic arriving from untrusted networks, for the following reasons:

  • Every error response is an extra packet, so rejecting doubles the traffic generated by a scan or flood instead of absorbing it.
  • An error response turns the firewall into a reflector: an attacker who spoofs the source address of the blocked packets makes the firewall send its TCP RST or ICMP replies to the victim, so rejecting can contribute to a Denial-of-Service (DoS) attack.
  • The error response itself leaks information. A port-unreachable reply tells a scanner that the host is up and the port is closed; an administratively-prohibited reply tells it that a filtering device sits in the path. Both are useful to an attacker mapping the network.

Drop is not free, though. Legitimate clients that hit a dropped port hang until their connection timeout expires instead of failing at once, and a scanner can still infer that a filter is present from the timeout itself. On internal networks, where the clients are your own users and fast failure matters more than stealth, reject is often the better choice, and a common pattern is to reject traffic from trusted subnets while dropping everything else.