Thursday, February 9, 2012

iptables be liberal cheatsheet

A while ago I posted about how Cisco firewalls can make certain packets' state look invalid to iptables, which causes slow performance because packets are dropped and have to be retransmitted. This was inspired by a much more interesting post on Since then I've often had to relax the invalid checks on iptables by setting the following proc values on RHEL 5 or RHEL 6:
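The following is an added example, not the original post's commands: a small shell helper to audit and set the conntrack "be liberal" switch. It assumes the standard kernel sysctl paths (nf_conntrack on RHEL 6, ip_conntrack on RHEL 5); `PROC_ROOT` is a hypothetical override so the functions can be tried against a fake tree.

```shell
#!/bin/sh
# Added example: audit or set the conntrack "be liberal" switch.
# Assumption: the sysctl lives at one of the two standard kernel paths below
# (nf_conntrack on RHEL 6, ip_conntrack on RHEL 5). PROC_ROOT is a
# hypothetical override so the functions can be exercised on a fake tree.

PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the path of the be_liberal file present on this kernel, or fail.
be_liberal_path() {
    for rel in sys/net/netfilter/nf_conntrack_tcp_be_liberal \
               sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal; do
        if [ -f "$PROC_ROOT/$rel" ]; then
            printf '%s\n' "$PROC_ROOT/$rel"
            return 0
        fi
    done
    return 1
}

# Report the current state: liberal, strict, or absent (module not loaded).
be_liberal_status() {
    path=$(be_liberal_path) || { echo absent; return 0; }
    if [ "$(cat "$path")" = "0" ]; then echo strict; else echo liberal; fi
}

# Set the switch (0 or 1) and confirm the kernel accepted the value.
# 1 = only out-of-window RST segments are still marked INVALID, so any
# "--state INVALID -j DROP" rule filters less TCP traffic than before.
set_be_liberal() {
    case "$1" in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    path=$(be_liberal_path) || { echo "conntrack sysctl not found" >&2; return 1; }
    printf '%s\n' "$1" > "$path" || return 1
    [ "$(cat "$path")" = "$1" ]
}

# sysctl.conf key matching the file found, for making the change persistent.
be_liberal_sysctl_key() {
    path=$(be_liberal_path) || return 1
    printf '%s\n' "${path#"$PROC_ROOT/sys/"}" | tr '/' '.'
}
```

Run `be_liberal_status` before and after a change, and record the key from `be_liberal_sysctl_key` in `/etc/sysctl.conf` only on hosts where the relaxed INVALID check is actually needed.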

