[pve-devel] pvefw: using ctmark to associacte connections to VMs

Dietmar Maurer dietmar at proxmox.com
Mon Mar 3 17:07:13 CET 2014


> I don't known if we can setup a really high value by default ?

no idea, sorry.

> Also, it's seem that another option must be tune,
> 
> /etc/modprobe.conf:
> 
> options ip_conntrack hashsize=32768
> 
> 
> I need to read a little more about it

Does that mean that everybody can start a DOS attack by simply 
open(faking) 64000 tcp connections?




More information about the pve-devel mailing list