Posted: Tue Jun 22, 2021 17:29 Post subject: "New TCP Must Be SYN" - should it be applied to fo
"New TCP Must Be SYN" (-p tcp ! --syn -m conntrack --ctstate NEW -j DROP) is a rule often applied to INPUT tables to improve firewall security by reducing ACK scanning. Does it make sense to apply the same rule to FORWARD tables?