xtables-addons/extensions/pknock/libxt_pknock.c at dac1b7d5065a611c24d38787afc628d0f93b6bc6

mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-12-09 09:33:53 +01:00

Files

Jan Rafaj 2b2b6246f0 pknock: Make non-zero time mandatory for TCP mode

This avoids DDoS on the first-in-sequence TCP knockport, which would
otherwise fill up the peer table permanently - especially if the user
does not specify --autoclose - and would thus cause permanent pknock
DoS.

Signed-off-by: Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>

2009-10-12 01:24:41 +02:00

9.8 KiB

Raw Blame History

View Raw

9.8 KiB Raw Blame History

9.8 KiB

Raw Blame History