1) it depends on you are calling "invalid"
2) same as above
I suggest you start by using Reverse Path filtering in the kernel, not in iptables, and drop "out of state" packets with the INVALID rules.
What is in your logs?
HiMatthew and Pascal;So, what should I do to take care of INVALID packets? What is"the best" method? I mentioned, that this system is for testing
purposes now, but in log files (e.g. kern.log, syslog) I see a lot
of INVALID packets logged - for both input and output connections.
Best regards.
No comments:
Post a Comment