Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | src: introduce SYNPROXY matching | Fernando Fernandez Mancera | 2019-07-17 | 1 | -0/+13 |
Add support for "synproxy" statement. For example (for TCP port 8888): table ip x { chain y { type filter hook prerouting priority raw; policy accept; tcp dport 8888 tcp flags syn notrack } chain z { type filter hook input priority filter; policy accept; tcp dport 8888 ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm ct state invalid drop } } Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |