On Tue, 2009-09-08 at 09:36 -0400, Josh Luthman wrote:
> Butch put a rule that drops invalid connections long ago (thinking 4
> years). Haven't really noticed any problems so I doubt it hurts at
> all and obviously does some good somehow.

If you are doing NAT on a router with this rule in place, you will see a lot more traffic hitting this rule. A packet is considered invalid when it is TCP and has flags OTHER THAN the SYN flag AND it is not part of a connection listed in the connection tracking table. It is safe to drop these packets.

-- 
Butch Evans
Professional Network Consultation
Network Engineering
Wired or Wireless Networks
ImageStream, Mikrotik and MORE!
http://www.butchevans.com/
http://www.wispa.org/
http://blog.butchevans.com/
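
The classification described in the reply above, as an added example that is not part of the original thread and is not RouterOS code: a simplified Python model of a connection tracking table that labels TCP packets new, established or invalid. The class and function names, the addresses (documentation ranges) and the `expire` step are assumptions made for illustration; real connection tracking also checks timeouts, sequence windows and other protocols.

```python
from dataclasses import dataclass

SYN, ACK, FIN = "SYN", "ACK", "FIN"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

    def key(self):
        # Direction-independent flow key, so replies match the original entry.
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})

class ConnTrack:
    """Toy table implementing only the rule stated in the message."""
    def __init__(self):
        self.table = set()

    def classify(self, p):
        if p.key() in self.table:
            return "established"
        if p.flags == {SYN}:           # a bare SYN may open a new connection
            self.table.add(p.key())
            return "new"
        return "invalid"               # other flags and no entry: candidate for drop

    def expire(self, p):
        # Assumed event: the entry leaves the table (for example, it timed out).
        self.table.discard(p.key())

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def demo():
    # Constructed sample traffic, not captured from a real router.
    ct = ConnTrack()
    c, s = ("192.0.2.10", 40000), ("198.51.100.5", 80)
    verdicts = [
        ct.classify(pkt(*c, *s, SYN)),        # handshake opens the entry
        ct.classify(pkt(*s, *c, SYN, ACK)),   # reply matches the same entry
        ct.classify(pkt(*c, *s, ACK)),
    ]
    ct.expire(pkt(*c, *s))
    verdicts.append(ct.classify(pkt(*s, *c, FIN, ACK)))               # late teardown
    verdicts.append(ct.classify(pkt("203.0.113.9", 5555, *s, ACK)))   # stray ACK
    return verdicts

if __name__ == "__main__":
    print(demo())
```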

