update python dependencies

move nftables configuration to a directory
simplify rate limited synproxy bypass
2024-06-14 00:42:19 +00:00 · 2024-04-12 21:33:35 -04:00 · 2024-04-12 21:33:35 -04:00 · 2024-04-12 21:33:33 -04:00
1 changed files with 1 additions and 2 deletions
--- a/nftables/nftables-mail.conf
+++ b/nftables/nftables-mail.conf
@ -45,8 +45,7 @@ table inet filter {
        fib daddr . iif type != { local, broadcast, multicast } counter drop

        # handle new TCP connections beyond rate limit via synproxy to avoid conntrack table exhaustion
-        tcp dport { 22, 25, 80, 443, 465, 993 } tcp flags syn limit rate 1024/second burst 128 packets accept
-        tcp dport { 22, 25, 80, 443, 465, 993 } tcp flags syn counter notrack accept
+        tcp dport { 22, 25, 80, 443, 465, 993 } tcp flags syn limit rate over 1024/second burst 128 packets counter notrack accept

        meta l4proto { icmp, ipv6-icmp } notrack accept
    }
Author	SHA1	Message	Date
Daniel Micay	6a325f8798	update python dependencies	2024-04-12 21:33:35 -04:00
Daniel Micay	bd6f127acf	move nftables configuration to a directory	2024-04-12 21:33:35 -04:00
Daniel Micay	c412fec336	simplify rate limited synproxy bypass	2024-04-12 21:33:33 -04:00