Andrew
Andrew
It is 9.18.24 in OpenWRT repos, and you have to use real OpenWRT to isolate from potential issues in fork distribution.
>at 3.2.3 (2022-01-29): > MR17 - Set PIDDIR to /run if exists on the system
in ``` table inet t { chain c { oifname "eth1" tcp flags & (fin | syn | rst) == syn tcp option maxseg size set rt mtu meta l4proto...
Kind of still sucks for tcp established connections.
tcp mss fix will still do the name comparison for each tcp packet. This just removes useless check for measurably bad offloaded udp streams. just a side observation in the...
Swapped to draft, i got better idea, but this is still minimally intrusive for stable trains
Default does not drop packets in invalid state. Invalid state packets are not ones from misconfiguration. If you configure network routing all states are valid again without special attention to...
ct state invalid is marked when packet enters conntrack, but you can log detected invalid packets exitting system by adding something.nft in /etc/nftables.d/ ``` chain invalid_egress { type filter hook...
Your ruleset is heavily modified, but no dropping of invalid packets is enabled. Could you compare conf to one found in this repo?
I think i am getting it. wan zone drops invalid exitting packets. That is the default inherited from masq checkbox. "drop new" would block router from internet access, and there...