Fix excess responses on noisy WAN network #6

Closed
wants to merge 3 commits into from

brada4 commented Aug 26, 2023

Fixes: openwrt/openwrt#13340

In principle, nothing is forwarded from WAN unless some forward rule is present or it tries NAT traversal on a recent new connection attempt. Beyond fixing the excessive load generated in the reported case, NAT traversal also will not need to retry the socket connection; a retransmitted SYN is likely to come when the permitting rule/transient state is completely established.

Signed-Off-By: Andris PE <neandris..gmail.com>

Contributor

jow- commented Aug 31, 2023

I could live with defaulting WAN-to-WAN forward to drop. The global inter-zone forward policy should stay at reject though.

Author

brada4 commented Aug 31, 2023

OK, the global policy applies on new interfaces, but I'm fine with endangering the unsuspecting.

Author

brada4 commented Aug 31, 2023

Test case: connect WAN to a (10 Mbps) hub/repeater and watch spoofed traffic killing all communication there.

Author

brada4 commented Feb 28, 2024

Sorry, wrong commit headings.

brada4 closed this Feb 28, 2024
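
The policy split discussed in this thread, as an added sketch in `/etc/config/firewall` UCI syntax (not the PR's diff, which is not shown on this page): the global forward policy stays at REJECT while the wan zone's own forward policy is DROP, so packets that hit the wan zone's forward policy are discarded silently instead of each triggering a reject response. The zone and network names and the remaining options are the usual OpenWrt defaults, assumed here for illustration.

```uci
# Global defaults: apply to traffic not covered by a zone policy,
# including interfaces that are not yet assigned to a zone.
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'    # inter-zone forward policy stays at reject

# LAN zone (assumed default, unchanged)
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN zone: only the forward policy differs from the assumed default.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	# was: option forward 'REJECT'  (answers every unmatched forwarded packet)
	option forward 'DROP'      # WAN-to-WAN forward: discard without a reply
	option masq '1'
	option mtu_fix '1'
```

After editing the file, `fw4 print` shows the generated nftables ruleset, where the wan forward chain should end in a drop rather than a reject.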