Hi All, I'm not in a position to patch some public servers but I can add firewall rules. The original Netflix report (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md_ ) has a workaround to block connections with low MSSs for iptables but I'm at a loss to translate to Shorewall. The filters are: iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP ip6tables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP Would anybody be able to let me know how to craft as a Shorewall rule? Cheers Steve
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
