On 09.11.2019 15:24, Claudio Jeker wrote:
>> So nobody is using syncookies/synproxy at all?
>
> I guess that is a reasonably safe assumption. syncookies are rather new
> and probably need more battle testing.

OK, then I will send a bug report.

> synproxy never helped me much in
> case of a SYN attack since it will cause pf(4) to hit the state limit no
> matter what you do and then stuff starts to break.

Yes, synproxy will not help with that, but syncookies should. But the
syncookies entry in the man page also states that a connection opened via
syncookie will then run through synproxy, so the problem I'm seeing might
be in either one.

best /