Michael Bellion wrote:
Hi,
I need to keep connection tracking, so nf-hipac is discarded.
nf-hipac does support connection tracking.
I have been reading their website ( I have NOT tested nf-hipac) and this
paragraph made me think that does NOT support connection tracking:
"Despite its usefulness there are still situations where you want to
avoid the overhead of connection tracking. Although only a constant
amount of time is added to the processing time of each packet (at least
in theory) you may need to prevent that in order to achieve maximum
packet rates. Those kind of setups require a highly efficient stateless
packet filter which is very robust against DoS or DDoS attacks. Again,
nf-HiPAC fulfils this requirement to the full extent."
Thank you for your comment, I will try it ASAP
regards
Michael Bellion
