/plushcap/analysis/cloudflare/conntrack-tales-one-thousand-and-one-flows

Conntrack tales - one thousand and one flows

What's this blog post about?

The text discusses the "conntrack" subsystem in Linux's network stack, which is part of the firewall system. It explains how this connection tracking facility works, its limitations, and potential issues that can arise when it gets filled up. The author also provides a detailed test setup using "unshare" to experiment with iptables and conntrack without affecting the host system. They highlight the importance of correctly applying conntrack and avoiding its use on inbound connections to prevent potential problems during SYN flood mitigation.

Company
Cloudflare

Date published
April 6, 2020

Author(s)
Marek Majkowski

Word count
2056

Language
English

Hacker News points
38


By Matt Makai. 2021-2024.