Gleb Naumenko

I agree with @ariard above we don't want a chain split after relaxing the consensus rule, perhaps this is worthy a discussion on the ML or irc meeting. I think...

ACK ff9039f6ea876bab2c40a06a93e0dd087f445fa2 After a few attempts, I haven't found a way to trigger a consensus fork through adjusted time. It's not like this could "infect" half of the network (legacy)...

Concept ACK. Looks cleaner. Will look in more detail when you undraft it.

ACK 840a022 Not sure if you noticed [this idea](https://github.com/bitcoin/bitcoin/pull/28538#discussion_r1417175382), might be a worthy precaution.

Consider when a malicious Internet provider or something can request the `forceinbound` IP address. Does this PR open any fundamentally new risk in this case? I'm thinking of disrupting the...

>the attacker needs to both learn and then spoof the protected IP range I think a malicious ISP gets that trivially (at least in the pre-BIP324 world) by simply monitoring...

@pinheadmz In the example I had above `n_extra_slots` controls how many extra connections you allow so it should be safe.

@pinheadmz yeah this is probably the best attempt at minimizing the problem I mentioned. Whether it's satisfactory is still at question :) I'm looking forward to seeing what others think.

@pinheadmz Honestly I still struggle to understand what are the practical scenarios of using this. E.g., what could lead to not being able to evict a connection?

ACK 320978662db6b17e61afbf77a6584e33181c12b9