Subject: Re: Preventative security features?
To: Dmitri Nikulin <setagllib@optusnet.com.au>
From: Jesper Louis Andersen <jlouis@mongers.org>
List: tech-security
Date: 11/15/2004 09:56:35
Quoting Dmitri Nikulin (setagllib@optusnet.com.au):

> Other: in FreeBSD it's (something like) net.inet.tcp.blackhole and 
> net.inet.udp.blackhole. These make non-listening ports NOT return 
> ICMP/RST messages saying they're not open, instead pretending it never 
> got a request. 

I got the impression that it was more to do with RST-return rate
limiting than dropping packets. Personally, my firewalls always
return RST for TCP-data anyway, so I do not care that much. I do not
think that dropping the packet makes the firewall any more secure than
not dropping it. The only thing it does is irritate me when I have to
do diagnostics and packets get pulled out and dropped by the firewall.


-- 
jlouis
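For readers checking what the two settings discussed above actually change on a host, here is a small audit script. It is an added example, not code from either poster or from the NetBSD or FreeBSD projects. It parses a sysctl.conf-style fragment (the sample text is constructed), fills in stock FreeBSD defaults, and reports what a closed TCP or UDP port answers with. The encoded semantics are FreeBSD's documented ones (net.inet.tcp.blackhole: 1 drops SYNs to closed ports, 2 drops every segment to closed ports; net.inet.udp.blackhole=1 suppresses ICMP port unreachable); net.inet.icmp.icmplim is assumed to be the reply rate limit the follow-up refers to, and the default value of 200 is an assumption about the stock kernel.

```python
"""Audit FreeBSD blackhole/rate-limit sysctls from a sysctl.conf fragment.

Added example, not part of the mailing-list thread. The sysctl.conf text
below is constructed; the default values are assumed stock FreeBSD values.
"""
from __future__ import annotations

# Assumed stock defaults: blackholing off, 200 ICMP/RST replies per second.
DEFAULTS: dict[str, int] = {
    "net.inet.tcp.blackhole": 0,
    "net.inet.udp.blackhole": 0,
    "net.inet.icmp.icmplim": 200,
}

# Constructed sample of a hardened sysctl.conf.
SAMPLE_CONF = """\
# constructed sample, not a real host's file
net.inet.tcp.blackhole=2   # drop every segment aimed at a closed port
net.inet.udp.blackhole=1   # no ICMP port unreachable for closed UDP ports
net.inet.icmp.icmplim=100
"""


def parse_sysctl_conf(text: str) -> dict[str, int]:
    """Return the audited keys with values from the fragment, defaults otherwise.

    Accepts 'key=value' lines, '#' comments and blank lines; keys we do not
    audit are ignored, a non-integer value for an audited key is an error.
    """
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key not in settings:
            continue
        try:
            settings[key] = int(value)
        except ValueError:
            raise ValueError(f"non-integer value for {key}: {value!r}") from None
    return settings


def closed_port_behaviour(settings: dict[str, int]) -> dict[str, object]:
    """Describe what the kernel sends back for traffic to a non-listening port."""
    tcp = settings["net.inet.tcp.blackhole"]
    udp = settings["net.inet.udp.blackhole"]
    lim = settings["net.inet.icmp.icmplim"]
    return {
        # blackhole>=1: a SYN to a closed port gets no RST at all
        "tcp_syn_to_closed": "drop" if tcp >= 1 else "RST",
        # blackhole>=2: any other segment (ACK, stray data) is dropped too
        "tcp_other_to_closed": "drop" if tcp >= 2 else "RST",
        "udp_to_closed": "drop" if udp >= 1 else "ICMP port unreachable",
        # icmplim=0 disables the limiter; otherwise replies are capped per second
        "reply_rate_limit_per_s": None if lim == 0 else lim,
    }


def hides_closed_ports(settings: dict[str, int]) -> bool:
    """True when a closed port is indistinguishable from a filtered one.

    This is the diagnostics cost raised in the reply: with blackholing on, a
    probe that gets nothing back cannot tell 'closed' from 'dropped upstream'.
    """
    b = closed_port_behaviour(settings)
    return b["tcp_syn_to_closed"] == "drop" or b["udp_to_closed"] == "drop"


if __name__ == "__main__":
    for label, conf in (("defaults", ""), ("sample", SAMPLE_CONF)):
        s = parse_sysctl_conf(conf)
        print(label, closed_port_behaviour(s), "hides closed:", hides_closed_ports(s))
```

Run it against a real /etc/sysctl.conf with `parse_sysctl_conf(open(path).read())`; note that it reports the configured policy, not what a running kernel currently has loaded, so compare against `sysctl -n` output on the host when auditing.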