Hi Lu,
I suggest trying to drop invalid packets:
iptables -I INPUT -m state --state INVALID -j DROP
iptables -I OUTPUT -m state --state INVALID -j DROP
Using this with echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
and a small connection timeout may solve your problem.
--
Best regards
Anatoly Muliarski