Dear,
is that a good Idea to prevent SYN FLOOD on Proxmox host with uncomment
#net.ipv4.tcp_syncookies=1
Or is their something other to prevent in the PVE-Firewall?
We had in 2 days 2 SYN FLOOD to MySQL-Servers on many Containers with
diferent destination
IPs and comes only from one IP! The
and I have see now in /proc/sys/net/ipv4 is on - it´s only commented in
/etc/sysctl.conf!
Ok, but why the SYN-FLOOD is gooing throu the PVE-Firewall?
smurf-filter is ON too!
nf_conntrack_max was on DEFAULT - now: 196608 (changed in GUI)
nf_conntrack_tcptimeout_established is: 18000 (long time