forked from freifunk-franken/firmware
Johannes Kimmel
feeead6c43
20-clamp-mss: Clamping is done in other parts of the network and to a very low static value. This rules is very likely doing nothing at the moment. 20-filter-ssh: These rules make use of the conntrack module to ratelimit incoming connections. Using conntrack comes with a performance penalty for all traffic. As an alternative, dropbear could be run behind an inetd(-like) service that does the ratelimit, should removing this rule result in an actual attack vector. Removing both rules would enable us to unload the conntrack module all together, potentially improving overall performance. Fixes #183 Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> Acked-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Robert Langhammer <rlanghammer@web.de> |
||
---|---|---|
.. | ||
etc/init.d | ||
usr/lib/firewall.d |