LF_SPI = 0 (static firewall)?
Posted: 14 Sep 2015, 11:10
I have paid for server hardening (service was pretty fast. Hopefully the server stays up).
The sys-admin recommended using LF_SPI = 0 because the iptables were kind of broken.
Can anyone help to explain the differences as to what additional protection you get for "Dynamic" firewalls instead of "static" ones?
From what I can tell, it's still rejecting users on failed logins, which is a lot more than I had before.
I'm just wondering what the dynamic thing does and how much effort I should get into trying to get that repaired.