Pascal,
Thank you for your reply.
Ok, I made sure:
a.) conntrack is 100% disabled.
b.) iptables is enabled with a simple stateless ruleset.
c.) SYN cookies are enabled.
The issue is: In my testing I am still able to exhaust *something*
because immediately when I hit a SYN flood on port 80 (medium size) I
get immediate packet loss (as seen through ICMP; also I cannot ssh into the
machine and am unable to reach port 80).
If I disable syncookies then: I can ping the machine fine, no packet loss,
but I cannot reach port 80 (seems this port is the only one with packet loss).
Question: What resource can be exhausted both when syncookies is enabled
and disabled for this to happen?
Thanks
Alex