Hi, On 6/24/19 2:13 PM, t...@t-3.net wrote: > > As of last week there wasn't a new kernel out for our relay's distro switch to Gentoo Linux :-)
> -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j LOG > --log-prefix "TCP_SACK_PANIC: " > -A INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP Interesting - never thoughtm that iptables is able to do that - the doubled SYN is needed, right? > Over the weekend we logged hits to this rule. I checked a few of the > source hosts, and they were not relays at least as they are listed in > https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 . Whilst I gave up loging IPs at all - why didn't you checked non-exit relays? -- Toralf PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
