On 6/2/11 6:44 PM, Mr Dash Four wrote: > >> I've already explained why Shorewall must pass INVALID packets through >> the rules chain (initial installation). In addition, some users set >> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose to provide >> "connection pickup". If INVALID packets were dropped early, that >> wouldn't work. >> > So, if I follow your advice and add dropInvalid in the NEW section of my > rules file I will be royally screwed too, is that it?
Huh? -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
