Updating documentation to 2026, IPv6, some grammar/spelling.#2
Open
mrfloris wants to merge 1 commit into
…nftables note, added IPv6 guidance, recommended iptables-apply for remote changes, corrected 127.0.0.1, replaced the connlimit explanation with a hashlimit example, kept the ESTABLISHED,RELATED and INVALID rules, made rule order explicit, and cleaned up capitalization, grammar, and awkward phrasing across the document. And added an ip6tables example ruleset (feel free to simplify this section). Note to original author: the optional fallback that opens the kernel ephemeral port range on INPUT instead of relying on RELATED,ESTABLISHED. I left that block unchanged here to keep this patch scoped, but it would be worth reviewing separately because opening the full ephemeral range is not equivalent to conntrack-based return-traffic handling and may allow unsolicited inbound traffic on many ports.
I fixed the netfilter-persistent/systemd guidance, added the current nftables note, added IPv6 guidance, recommended iptables-apply for remote changes, corrected 127.0.0.1, replaced the connlimit-explanation with a hashlimit-example, kept the ESTABLISHED,RELATED and INVALID rules (see note below), made rule order explicit, and cleaned up capitalization, grammar, and some phrasing across the document. And added an ip6tables example ruleset (feel free to simplify this section).

Note to original author:
The optional fallback that opens the kernel ephemeral port range on INPUT instead of relying on RELATED,ESTABLISHED. I left that block unchanged here to keep this patch scoped, but it would be worth reviewing separately because opening the full ephemeral range is not equivalent to conntrack-based return-traffic handling and may allow unsolicited inbound traffic on many ports.
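
An audit for the pattern raised in the note above, as an added example that is not part of the pull request or the project's documentation: it reads `iptables-save` output and reports INPUT ACCEPT rules that open a wide destination-port range without being limited to return traffic. The sample ruleset is constructed, the range 32768:60999 is the Linux default `ip_local_port_range`, and the function name and the 1024-port threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the PR).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32768:60999 -j ACCEPT
-A INPUT -p udp -m udp --dport 32768:60999 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints one line per finding.
# $1 = smallest port span worth reporting (assumed default: 1024).
# Heuristic: negated matches ("! --dport ...") are not interpreted.
audit_wide_ranges() {
    awk -v min="${1:-1024}" '
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        # Rules limited to return traffic (a state match without NEW)
        # only admit packets conntrack already knows; skip them.
        if ($0 ~ /--(ctstate|state) / && $0 !~ /NEW/) next
        for (i = 3; i < NF; i++) {
            if ($i != "--dport" && $i != "--dports") continue
            # multiport allows comma lists; check each element.
            n = split($(i + 1), specs, ",")
            for (j = 1; j <= n; j++) {
                if (split(specs[j], r, ":") != 2) continue
                span = r[2] - r[1] + 1
                if (span >= min)
                    printf "line %d: %d ports accept unsolicited traffic: %s\n", NR, span, $0
            }
        }
    }'
}

sample_rules | audit_wide_ranges
```

On a live host the same function can be fed with `iptables-save | audit_wide_ranges` and `ip6tables-save | audit_wide_ranges`.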