Hi Rajesh, On Monday, 7 May 2018, 9:26:07 PM GMT+5:30, Govindaraj, Rajesh <rajesh.govinda...@ipc.com> wrote: So you suggest the notrack rules to be added in the firewall, correct? Yup Any thoughts on the security or other issues due to adding notrack rule
In real world scenarios where we dealt with huge amount of traffic on such applications we have that rules in our firewalls to keep our systems running. For us we use this for both sip and dns traffic which is pointless to be track via conntrack in a ISP environment. I don't aware of any security drawback with this, I may be wrong but linux kernel has it own limits for dealing with these. May be you can up the limit ? which I'm not sure of, but yes, we have production servers running with these rules in order to keep them working. One other possible way may be distribute load among many servers.
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users