LF_SPI = 0 (static firewall)?

Post Reply
maknet
Junior Member
Posts: 17
Joined: 10 Sep 2015, 19:02

LF_SPI = 0 (static firewall)?

Post by maknet »

I have paid for server hardening (service was pretty fast. Hopefully the server stays ups).

The sys-admin recommended using LF_SPI = 0 because the iptables were kind of broken.

Can anyone help to explain the differences as to what additional protection you get for "Dynamic" firewalls instead of "static" ones?

From what I can tell, it's still rejecting users on failed logins, which is a lot more than I had before.

I'm just wondering what the dynamic thing does and how much effort i should get into trying to get that repaired.
maknet
Junior Member
Posts: 17
Joined: 10 Sep 2015, 19:02

Re: LF_SPI = 0 (static firewall)?

Post by maknet »

As per the advice of the installed service, a reboot helped fix the IPtables and LF_SPI = 1 is now back online.
Post Reply