aboutsummaryrefslogtreecommitdiffstats
path: root/rules.mk
diff options
context:
space:
mode:
authorAlin Nastac <alin.nastac@gmail.com>2017-06-16 14:16:07 +0200
committerHans Dedecker <dedeckeh@gmail.com>2017-07-11 22:09:57 +0200
commitd8748e537f11ab5f2b5e2ed25d94baa5ce353984 (patch)
tree8cdc9cb604c2d5ddfbd208f004c42553a55549dc /rules.mk
parenta35a27e8ef05b6536cf12b2938488be499859b76 (diff)
downloadupstream-d8748e537f11ab5f2b5e2ed25d94baa5ce353984.tar.gz
upstream-d8748e537f11ab5f2b5e2ed25d94baa5ce353984.tar.bz2
upstream-d8748e537f11ab5f2b5e2ed25d94baa5ce353984.zip
netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Diffstat (limited to 'rules.mk')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 21:08:17 +0000