On Wed, 3 Jun 2015, Lukas Hubschmid (s) wrote: > I am not quite sure if I read the C-code correctly - so TCP sequence checking > seems to be enabled by default, right? Or do I need to set some flag when > adding a rule? No, it's default enabled. You can (partiall) switch it off globally via a sysctl setting, not with some flag in a rule. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
