On Tue, 10 Dec 2019 at 19:08, Aaron Gould <[email protected]> wrote: > - policers of well-known *good* ports/protocols (like ntp, dns, etc) to some > realistic level
You might want to downpref these to a scavanger class, instead of police. Since ultimately policing makes it just easier to ddos the service, which is actually needed. -- ++ytti
