Hi Guillaume,

Guillaume Morin wrote:
>
> The documentation is correct because it assumes you understand
> "connection" as a conntrack entry.

Hum.

> I do agree that it should be more explicit.

We met an agreement so.

>>The funny thing is that if you have a bad ruleset, you can easily be
>>DOSed by some external people which are just sending random ACK packets.
>>
>>Those ACKs will create entries in your connection table as ESTABLISHED
>>connections with a time-out of.... 5 days !!!!! 8-)
>
>
> Well no, since the concerned box will reply with a RST.

Try to imagine what if I try to address ACK to computer which are not
existing in your network.... see the picture now ???? :-)

Regards
--
Emmanuel

A dreamer is one who can only find his way by moonlight, and his
punishment is that he sees the dawn before the rest of the world.
-- Oscar Wilde
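
An added example, not part of the original message: a check for the condition discussed in this thread, ESTABLISHED conntrack entries that never saw a reply and still carry a timeout near 5 days (432000 s). It assumes the /proc/net/ip_conntrack line format and that such entries carry the [UNREPLIED] flag; the sample lines, addresses and the helper names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the /proc/net/ip_conntrack line format (not real traffic).
# 432000 s = 5 days, the ESTABLISHED timeout mentioned in the thread.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=192.0.2.200 sport=40001 dport=80 [UNREPLIED] src=192.0.2.200 dst=198.51.100.7 sport=80 dport=40001 use=1
tcp      6 431985 ESTABLISHED src=198.51.100.7 dst=192.0.2.201 sport=40002 dport=80 [UNREPLIED] src=192.0.2.201 dst=198.51.100.7 sport=80 dport=40002 use=1
tcp      6 431000 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=51512 dport=22 src=192.0.2.10 dst=203.0.113.5 sport=22 dport=51512 [ASSURED] use=1
tcp      6 110 SYN_SENT src=203.0.113.9 dst=192.0.2.10 sport=51000 dport=25 [UNREPLIED] src=192.0.2.10 dst=203.0.113.9 sport=25 dport=51000 use=1
udp      17 25 src=192.0.2.10 dst=192.0.2.1 sport=1025 dport=53 src=192.0.2.1 dst=192.0.2.10 sport=53 dport=1025 use=1
"""

# protocol name, protocol number, remaining timeout, TCP state, original-direction tuple
LINE = re.compile(
    r"^tcp\s+6\s+(?P<ttl>\d+)\s+(?P<state>[A-Z_]+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=\d+\s+dport=\d+\s+(?P<rest>.*)$"
)

def suspicious_entries(text, min_ttl=3600):
    """Return (src, dst, ttl) for ESTABLISHED entries that never saw a reply.

    min_ttl is a hypothetical threshold: anything far above the short
    handshake timeouts means the entry will occupy the table for a long time.
    """
    hits = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # non-TCP or unparsable line
        if (m["state"] == "ESTABLISHED"
                and "[UNREPLIED]" in m["rest"]
                and int(m["ttl"]) >= min_ttl):
            hits.append((m["src"], m["dst"], int(m["ttl"])))
    return hits

def per_source(hits):
    """Count suspicious entries per originating address."""
    return Counter(src for src, _dst, _ttl in hits)

if __name__ == "__main__":
    for src, count in per_source(suspicious_entries(SAMPLE)).most_common():
        print(f"{src}: {count} unreplied ESTABLISHED entries")
```

A steadily growing count from this check is the symptom of the ruleset problem described above: packets without SYN being accepted as new connections.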