Re: [PATCH] doc: document danger of applying REJECT to INVALID CTs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH] doc: document danger of applying REJECT to INVALID CTs
From: Maciej Żenczykowski <zenczykowski@xxxxxxxxx>
Date: Sat, 9 May 2020 14:31:16 -0700
Cc: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, Linux NetDev <netdev@xxxxxxxxxxxxxxx>, Netfilter Development Mailing List <netfilter-devel@xxxxxxxxxxxxxxx>
In-reply-to: <CANP3RGe3fnCwj5NUxKu4VDcw=_95yNkCiC2Y4L9otJS1Hnyd-g@mail.gmail.com>

Also maybe the example should be:

instead of just:
-A INPUT ... -j REJECT
do:
-A INPUT ... -m conntrack --ctstate INVALID -j DROP
-A INPUT ... -j REJECT

References:
- Re: [PATCH] document danger of '-j REJECT'ing of '-m state INVALID' packets
  - From: Maciej Żenczykowski
- [PATCH] doc: document danger of applying REJECT to INVALID CTs
  - From: Jan Engelhardt
- Re: [PATCH] doc: document danger of applying REJECT to INVALID CTs
  - From: Maciej Żenczykowski

Prev by Date: Re: [PATCH] doc: document danger of applying REJECT to INVALID CTs
Next by Date: Re: mlx5: Panic with conntrack offload
Previous by thread: Re: [PATCH] doc: document danger of applying REJECT to INVALID CTs
Next by thread: [PATCH v2] doc: document danger of applying REJECT to INVALID CTs
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux