GrapheneOS on Nostr: Implementing connection limits with nftables required coming up with a good approach ...
Implementing connection limits with nftables required coming up with a good approach to avoid spoofed SYN packets counting towards the limits or bypassing the limits by filling the sets. It also required using synproxy to prevent conntrack table exhaustion, but only when needed.
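The post does not show GrapheneOS's actual rules, so the ruleset below is an added illustration of the two mechanisms it names, written for this page and not taken from GrapheneOS. It assumes a local service on TCP 443, IPv4 only, placeholder thresholds (a 500 SYN/s trigger, 64 connections per source) chosen for readability rather than tuned for any host, and `net.netfilter.nf_conntrack_tcp_loose=0`. Counting connections on established-state packets instead of on `ct state new` is one way to keep spoofed SYNs out of the count and out of the set; that choice is an assumption of this example, not something the post states.

```nft
#!/usr/sbin/nft -f
# Added illustration, not GrapheneOS's ruleset. Assumed: a local service on
# TCP 443, IPv4 only, and placeholder thresholds (500 SYN/s trigger, 64
# connections per source) chosen for readability, not tuned for any host.
# Also assumed: net.netfilter.nf_conntrack_tcp_loose=0, so that a lone ACK
# from a spoofed source is never "picked up" as an established flow.
flush ruleset

table inet filter {
    # Dynamic set backing the per-source limit. Elements are created by the
    # 'add @conn_per_src' rule and reclaimed once their connection count
    # drops to zero. 'size' bounds memory, which is also why only sources
    # that completed a handshake may ever create an element: once the set
    # is full the add fails, the rule stops matching and the limit is bypassed.
    set conn_per_src {
        type ipv4_addr
        flags dynamic
        size 65535
    }

    chain prerouting {
        type filter hook prerouting priority raw; policy accept;

        # synproxy only when needed: below the threshold SYNs are tracked as
        # usual and never reach synproxy. Above it, further SYNs are left
        # untracked, so the input chain hands them to synproxy instead of
        # letting each spoofed SYN occupy a conntrack slot until the SYN_SENT
        # timeout (the conntrack table exhaustion the post refers to).
        tcp dport 443 tcp flags syn limit rate over 500/second notrack
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Per-source connection limit, counted on established-state packets
        # rather than on 'ct state new'. A spoofed SYN never produces an
        # established packet in this direction (the spoofed host never sends
        # a valid ACK), so it can neither consume a victim's quota nor fill
        # the set. Further packets of the same connection are not counted
        # twice; the cost is evaluating the rule on every packet of a
        # port-443 flow, which is why it sits before the blanket accept.
        tcp dport 443 ct state established add @conn_per_src { ip saddr ct count over 64 } reject with tcp reset

        ct state established,related accept

        # Untracked SYNs (diverted above) are answered by synproxy with a
        # SYN cookie; only a client that returns a valid cookie gets a
        # conntrack entry and a real connection to the service. Packets that
        # fail the cookie check are marked invalid and dropped.
        tcp dport 443 ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm
        ct state invalid drop
    }
}
```

Load it with `nft -f <file>`; `nft list set inet filter conn_per_src` then shows which sources currently hold elements and their connection counts, which is the quickest way to confirm that a flood of unanswered SYNs leaves the set empty while real clients are counted.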
Published at 2024-04-16 17:19:44

Event JSON
{
  "id": "c837724fef842f7d9a7ddcd29026ff55892b77b169cfde4e23d8989864f27b6c",
  "pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
  "created_at": 1713287984,
  "kind": 1,
  "tags": [
    [
      "e",
      "bf0884eb2f1ca9f44b5f2c7f7b988e92fe3f29af02e6bcba860312b3baa04b4c",
      "wss://relay.mostr.pub",
      "reply"
    ],
    [
      "proxy",
      "https://grapheneos.social/users/GrapheneOS/statuses/112282041330403430",
      "activitypub"
    ]
  ],
  "content": "Implementing connection limits with nftables required coming up with a good approach to avoid spoofed SYN packets counting towards the limits or bypassing the limits by filling the sets. It also required using synproxy to prevent conntrack table exhaustion, but only when needed.",
  "sig": "14aa2b3ecbceb1a32a2b31c97b58041c5360ae8c29f0dcae0f4bd022eb30ab5e8cb65ee2fc01cc24db89b39abc657130ab00e2f53b55610896ba3ee7f92db07c"
}