Where state is a comma separated list of the connection states to match. Possible states are INVALID
meaning that the packet could not be identified for some reason which includes running out of memory
and ICMP errors which don’t correspond to any known connection
Но в Интернетах пишут о них более понятно:
This packet is associated with no known connection. These packets should be dropped.
Так что приговор один:
iptables -I INPUT -m state --state INVALID -j DROP
No comments :
Post a Comment
Note: only a member of this blog may post a comment.