1) it depends on you are calling "invalid" 2) same as above I suggest you start by using Reverse Path filtering in the kernel, not in iptables, and drop "out of state" packets with the INVALID rules.
What is in your logs? On Apr 5, 2013, at 8:02, Daniel Curtis <[email protected]> wrote: > Hi Matthew and Pascal; > > So, what should I do to take care of INVALID packets? What is > "the best" method? I mentioned, that this system is for testing > purposes now, but in log files (e.g. kern.log, syslog) I see a lot > of INVALID packets logged - for both input and output connections. > > Best regards. > > > > > >
