Side note, it doesn't have to be nearly as aggressive as the above. With just: tc qdisc replace dev ifb0 root netem reorder 99.9% 0% delay 1s I still see 169.58M @ 7.02MB/s in 26s: [24263:180667450] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT [27:174654] -A INPUT -m state --state INVALID -j DROP [0:0] -A INPUT -p tcp -j REJECT --reject-with tcp-reset And the connection still freezes without the INVALID/DROP rule (after 43MiB this time)
