tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: frag6: better limitation

On 31 January 2018 at 08:46, Manuel Bouyer <> wrote:
> On Wed, Jan 31, 2018 at 08:17:36AM +0100, Maxime Villard wrote:
>> [...]
>> My patch is useful only if you restrict addresses in the first place. In that
>> case there is only a limited number of craftable src addresses. Typically:
>>       wm0 [public side]: allow 10 IPv6 addresses
>>       wm1 [local side]:  allow everything
> This seems to be a very specific and rare use case ...

Would a combination of global and a per interface limit handle most of
the cases without increased DoS risk?

Home | Main Index | Thread Index | Old Index