1) it depends on you are calling "invalid" 2) same as above
I suggest you start by using Reverse Path filtering in the kernel, not in iptables, and drop "out of state" packets with the INVALID rules.
What is in your logs?
H i Matthew and Pascal;
So, what should I do to take care of INVALID packets? What is
"the best" method? I mentioned, that this system is for testing
purposes now, but in log files (e.g. kern.log, syslog) I see a lot of INVALID packets logged - for both input and output connections.
Best regards.
|