nanog mailing list archives
Re: High throughput bgp links using gentoo + stipped kernel
From: Ben <ben () meh net nz>
Date: Mon, 20 May 2013 11:27:57 +1200
On Sun, May 19, 2013 at 11:48:17AM -0400, Nick Khamis wrote:
We do use a stateful iptables on our router, some forward rules... This is known to be one of our issues, not sure if having a separate iptables box would be the best and only solution for this?
Do you actually need stateful filtering? A lot of people seem to think that it's important, when really they're accomplishing little from it; you can block ports etc. without it. And the idea of protecting hosts from strange traffic is only really significant if the hosts have very outdated TCP/IP stacks etc. And it breaks things like having multiple routers.

There's an obscure NOTRACK rule you can use to cut down the number of state entries, or remove state tracking for hosts that don't need it.

http://serverfault.com/questions/234560/how-to-turn-iptables-stateless

although googling for NOTRACK should find other things too.

Ben.
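
An added example, not part of Ben's message or the thread: a sketch of the stateless setup he describes, where forwarded traffic bypasses connection tracking and ports are blocked without state, while traffic to the router itself stays tracked. The interface names, port list and peer address are constructed sample values, and `-j CT --notrack` is used as the current spelling of the older `-j NOTRACK` target.

```shell
#!/bin/sh
# Added illustration: prints an iptables-restore ruleset, applies nothing.
# Interface names, port list and peer address are constructed sample values.
gen_ruleset() {
    [ $# -eq 4 ] || { echo "usage: gen_ruleset WAN_IF LAN_IF TCP_PORTS BGP_PEER" >&2; return 1; }
    wan_if=$1 lan_if=$2 blocked_tcp=$3 bgp_peer=$4
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transit packets bypass conntrack, so forwarding creates no state entries.
# Packets addressed to the router itself are still tracked.
-A PREROUTING -i $wan_if -m addrtype ! --dst-type LOCAL -j CT --notrack
-A PREROUTING -i $lan_if -m addrtype ! --dst-type LOCAL -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Router-local traffic stays stateful: replies, loopback, ICMP, the BGP peer.
# Add a rule for your own management access (e.g. SSH) before loading this.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s $bgp_peer -p tcp --dport 179 -j ACCEPT
# Forwarded traffic is filtered without state: drop inbound connection
# attempts (SYN only) to the blocked ports; return traffic of outbound
# connections carries no bare SYN and is unaffected.
-A FORWARD -i $wan_if -o $lan_if -p tcp --syn -m multiport --dports $blocked_tcp -j DROP
COMMIT
EOF
}

# Print a ruleset for the sample values (override via environment variables).
gen_ruleset "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${BLOCKED_TCP:-135,139,445}" "${BGP_PEER:-192.0.2.1}"
```

The output can be checked with `iptables-restore --test` before it is loaded. Untracked flows cannot be NATed, so this layout only suits a router that forwards without NAT.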