‐‐‐ Original Message ‐‐‐
On Friday, December 18, 2020 6:13 PM, Stuart Henderson
wrote:
> And if it's anything like when I try it, you'll see some TCP connections
> failing when it is active too. Not everything fails. but e.g. if I have
> "set syncookies always" on a router, and run "ftp
On 2020-12-18, mabi wrote:
> ‐‐‐ Original Message ‐‐‐
> On Friday, December 18, 2020 10:48 AM, Stuart Henderson
> wrote:
>
>> It's something like "what % of max allowed states is half-open tcp".
>> Watch out as there are some bugs in this area, definitely thewith
>> accounting of
‐‐‐ Original Message ‐‐‐
On Friday, December 18, 2020 10:48 AM, Stuart Henderson
wrote:
> It's something like "what % of max allowed states is half-open tcp".
> Watch out as there are some bugs in this area, definitely thewith
> accounting of half-open connections can be wildly off
Hi,
I see quite some syn flood packets on my OpenBSD firewall filling up the state
table for nothing. So I thought let's try the pf's adaptive syncookies. I am
just not quite sure what the percentage used by start and stop relate to.
In the pf.conf man page the following is written:
"pf will
On 2020-12-18, mabi wrote:
> Hi,
>
> I see quite some syn flood packets on my OpenBSD firewall filling up the
> state table for nothing. So I thought let's try the pf's adaptive syncookies.
> I am just not quite sure what the percentage used by start and stop relate to.
>
> In the pf.conf man
5 matches
Mail list logo
