projects / project / firewall4.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e479eff) | patch
ruleset: remove redundant syn check
authorJo-Philipp Wich <jo@mein.io>
Fri, 28 Jan 2022 08:51:12 +0000 (09:51 +0100)
committerJo-Philipp Wich <jo@mein.io>
Fri, 28 Jan 2022 08:51:12 +0000 (09:51 +0100)
commitac8a7378c9a920f5af8da2c9019e26f8f6844ae9
tree74c166c68def7908e13b10d77fbaabe9e97a31c2tree | snapshot
parente479eff366f7ea58b71be4e7ee5973df27acaf35commit | diff
ruleset: remove redundant syn check

The syn_flood chain entry is guarded by a TCP flags check in the calling
chain, so the syn_flood chain doesn't need to check packet flags again,
it only needs to count and potentially drop.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
root/usr/share/firewall4/templates/ruleset.uc diff | blob | history
tests/01_configuration/01_ruleset diff | blob | history
OpenWrt nftables firewall