Gufw

Why is Reject used in the Public profile rather than Deny?

Asked by Wise Melon

In the documentation it says that the Deny option will not allow the traffic and will send no indication to whoever sent the traffic that it wasn't allowed as no ICMP will be sent back, and the Reject option will still not allow the traffic, but it will let the sender know that the traffic was not allowed by sending an ICMP back.

So I ask this, why is it that for the Home profile Deny is the default for incoming traffic, and for Public it is Reject? Would you not prefer someone on your own network to know that your computer exists rather than someone on a public network?

Question information

Language:
English Edit question
Status:
Solved
For:
Gufw Edit question
Assignee:
No assignee Edit question
Solved by:
costales
Solved:
Last query:
Last reply:
Revision history for this message
Best costales (costales) said : 		#1

> Would you not prefer someone on your own network to know that your computer exists rather than someone on a public network?

Hi! Exactly! It's just a preconfigured rule as more common, change it
for whatever you need :) A hug!

On Mon, Dec 7, 2015 at 11:47 PM, Nikita Yerenkov-Scott
<email address hidden> wrote:
> New question #277151 on Gufw:
> https://answers.launchpad.net/gui-ufw/+question/277151
>
> In the documentation it says that the Deny option will not allow the traffic and will send no indication to whoever sent the traffic that it wasn't allowed as no ICMP will be sent back, and the Reject option will still not allow the traffic, but it will let the sender know that the traffic was not allowed by sending an ICMP back.
>
> So I ask this, why is it that for the Home profile Deny is the default for incoming traffic, and for Public it is Reject? Would you not prefer someone on your own network to know that your computer exists rather than someone on a public network?
>
> --
> You received this question notification because you are an answer
> contact for Gufw.

Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) said : 		#2

Thanks costales, that solved my question.