Hi Rajesh,    On Monday, 7 May 2018, 9:26:07 PM GMT+5:30, Govindaraj, Rajesh 
<rajesh.govinda...@ipc.com> wrote:  
So you suggest the notrack rules to be added in the firewall, correct?
Yup
  
Any thoughts on the security or other issues due to adding notrack rule 

In real world scenarios where we dealt with huge amount of traffic on such 
applications we have that rules in our firewalls to keep our systems running. 
For us we use this for both sip and dns traffic which is pointless to be track 
via conntrack in a ISP environment. I don't aware of any security drawback with 
this, I may be wrong but linux kernel has it own limits for dealing with these. 
May be you can up the limit ? which I'm not sure of, but yes, we have 
production servers running with these rules in order to keep them working.

One other possible way may be distribute load among many servers.
 



   
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to