Re: [PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets

2020-05-09 Thread Maciej Żenczykowski
Side note, it doesn't have to be nearly as aggressive as the above. With just:

  tc qdisc replace dev ifb0 root netem reorder 99.9% 0% delay 1s

I still see 169.58M @ 7.02MB/s in 26s:

  [24263:180667450] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  [27:174654] -A INPUT -m state --state

Re: [PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets

2020-05-09 Thread Maciej Żenczykowski
So I've never tried to figure out how things break, just observed that they do - first many many years ago (close to 15ish) - between my wifi connected laptop at home and my university server in the same city. I've kept an INVALID->DROP rule in all my firewalls since then and not had problems. I v

Re: [PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets

2020-05-09 Thread Jan Engelhardt
On Saturday 2020-05-09 07:22, Maciej Żenczykowski wrote: >diff --git a/extensions/libip6t_REJECT.man b/extensions/libip6t_REJECT.man >index 0030a51f..b6474811 100644 >--- a/extensions/libip6t_REJECT.man >+++ b/extensions/libip6t_REJECT.man >@@ -30,3 +30,18 @@ TCP RST packet to be sent back. This

[PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets

2020-05-08 Thread Maciej Żenczykowski
From: Maciej Żenczykowski This appears to be a common, but hard to debug, misconfiguration. Signed-off-by: Maciej Żenczykowski --- extensions/libip6t_REJECT.man | 15 +++ extensions/libipt_REJECT.man | 15 +++ 2 files changed, 30 insertions(+) diff --git a/extensions/