[Cerowrt-devel] Revising the synflood limit

Dave Taht dave.taht at gmail.com
Tue Sep 10 18:35:10 EDT 2019


I'm not sure if it is a "nice catch" or not yet. It's merely me (now
us) tying two anomalies together that might be connected. Can you
convert that -j drop to a -j log to see where they come from?

For example I was failing to negotiate ecn while at this conference,
which also meant a dropped syn.

On Tue, Sep 10, 2019 at 7:08 PM Maciej Sołtysiak <maciej at soltysiak.com> wrote:
>
> > OK, I started a topic over there. It would be good to know how many
> > other firewall tools set a syn limit by default, but that would take
> > way more research.
> >
> > https://forum.openwrt.org/t/the-synflood-limit-is-too-low-for-the-modern-internet/43957
> Nice catch! I've 10 to 15 devices on my network. Just in 24h I see I had 10k SYN's rejected!
>


-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740


More information about the Cerowrt-devel mailing list