From mboxrd@z Thu Jan  1 00:00:00 1970
From: Florin Andrei <florin@andrei.myip.org>
Subject: Re: conntrack is bad during DDoS?
Date: Thu, 04 Oct 2007 15:01:35 -0700
Message-ID: <470562BF.3090504@andrei.myip.org>
References: <4702BDCB.3060102@andrei.myip.org> <4704B0EC.2030802@trash.net>
Reply-To: netfilter@vger.kernel.org
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <netfilter-owner@vger.kernel.org>
In-Reply-To: <4704B0EC.2030802@trash.net>
Sender: netfilter-owner@vger.kernel.org
List-Id: <netfilter.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: netfilter@vger.kernel.org

Patrick McHardy wrote:
> 
> Please try 2.6.23 once its out (or the current -rc), it should behave
> better.
> 
> 2.6.24 will include stateless NAT again for 1:1 mappings.

So, can you elaborate a little bit?
I understand the thing about stateless NAT and 2.6.24 - that's very good 
news, too bad it's not in older versions. :-)

But what's different in 2.6.23-rc that will make it better in my situation?

-- 
Florin Andrei

http://florin.myip.org/