Firewalls in service provider environments

Christopher Morrow morrowc.lists at gmail.com
Wed Feb 8 09:01:33 CST 2012


On Wed, Feb 8, 2012 at 9:25 AM, Matthew Reath <matt at mattreath.com> wrote:

> Good point. Adding in an established entry, although may open you up for
> TCP/SYN sort of packets is a better trade off than affecting customer
> traffic.

'established' is explicitly NOT 'syn' ...
maybe you meant 'ack flood' ? (or rst flood? or .... but certainly not
syn flood)



More information about the NANOG mailing list