Hello,

Alex Flex wrote:
>
> a.) Shouldn't syn cookies (which is enabled) deal with the syn flood
> without compromising my state table?

No. Syncookies and conntrack are unrelated. Syncookies are in the TCP stack while conntrack is in netfilter.

> c.) I tried disabling iptables altogether (thus no conntrack)

Conntrack and iptables are two distinct parts of netfilter. You can have iptables disabled and conntrack enabled (not very useful though). To disable conntrack you must not load, or unload, the conntrack kernel modules, or use iptables' NOTRACK target on all traffic.
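
An added example, not part of the original message: a check of whether conntrack still sees traffic, based on the two conditions named in the reply (module loaded, NOTRACK on all traffic). The function names and sample texts are constructed for illustration; accepting `CT --notrack` as the saved form of NOTRACK is an assumption about newer iptables versions.

```shell
#!/bin/sh
# Added example. Helpers read captured text, so they run offline.
# On a live host: conntrack_status "$(lsmod)" "$(iptables-save -t raw)"
# Caveat: conntrack built into the kernel does not appear in lsmod.

# Succeeds if lsmod-style text on stdin lists a conntrack module
# (nf_conntrack on current kernels, ip_conntrack on older ones).
conntrack_loaded() {
    awk 'NR > 1 && $1 ~ /^(nf|ip)_conntrack/ { found = 1 } END { exit !found }'
}

# Succeeds only if raw-table rules on stdin contain an unconditional NOTRACK
# in BOTH chains: PREROUTING (received packets) and OUTPUT (local packets).
# A rule with any match (-p, -s, ...) exempts only part of the traffic.
notrack_covers_all() {
    awk '
        $1 == "-A" && ($2 == "PREROUTING" || $2 == "OUTPUT") {
            rest = ""
            for (i = 3; i <= NF; i++) rest = rest (i > 3 ? " " : "") $i
            if (rest == "-j NOTRACK" || rest == "-j CT --notrack") seen[$2] = 1
        }
        END { exit !(seen["PREROUTING"] && seen["OUTPUT"]) }'
}

# $1 = lsmod text, $2 = iptables-save -t raw text. Prints a one-line verdict.
conntrack_status() {
    if ! printf '%s\n' "$1" | conntrack_loaded; then
        echo "off: no conntrack module loaded"
    elif printf '%s\n' "$2" | notrack_covers_all; then
        echo "bypassed: module loaded, all traffic NOTRACKed"
    else
        echo "active: module loaded, traffic is tracked"
    fi
}

# Constructed sample input (not taken from any real host).
SAMPLE_LSMOD='Module                  Size  Used by
nf_conntrack          172032  1 xt_CT
ip_tables              32768  1 iptable_raw'
SAMPLE_RAW_PARTIAL='*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
-A OUTPUT -j NOTRACK
COMMIT'
SAMPLE_RAW_FULL='*raw
-A PREROUTING -j NOTRACK
-A OUTPUT -j NOTRACK
COMMIT'

conntrack_status "$SAMPLE_LSMOD" ""   # no rules at all, module still loaded
```

With an empty rule set and the module still loaded, the verdict is "active", which is the situation described in the answer to point c.).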