Mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons (synced 2026-01-04 06:13:51 +01:00)
In TCP --strict mode, forget the peer which sent the wrong knock in a sequence, rather than resetting its status to ST_INIT. This avoids filling up the peer table (which would lead to pknock DoS) in case of a DDoS attack performed by a set of port-scanning malicious hosts.