Due to frequent DDoS attacks, we're enforcing stricter limits on the number of connections to our servers. By default, each server enforces a limit of 16 or 32 TCP connections from each IPv4 address and IPv6 /64 block. During persistent attacks, these limits will be adjusted.
"[…] a subsystem that was introduced in the #Linux 2.4 #kernel that provides a framework for implementing advanced network functionalities such as packet filtering, network address translation (NAT), and connection tracking. It achieves this by leveraging hooks in the kernel’s network code, which are the locations where kernel code can register functions to be invoked for specific network events. […]"
Really curious to see how CVE-2023-32233 for #linux #netfilter nf_tables https://seclists.org/oss-sec/2023/q2/133 can be exploited from "unprivileged local users". AFAICT, nf_tables_api goes through nfnetlink, and nfnetlink_rcv() checks for CAP_NET_ADMIN way before the code in nf_tables_api is hit. Disclaimer: I haven't been involved with netfilter for >10 years now, so my knowledge might be rusty (no pun intended).
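An added probe for the path the post above describes (my code, not from the post, the oss-sec advisory or the kernel tree). The gate in nfnetlink_rcv_msg() is netlink_net_capable(skb, CAP_NET_ADMIN), and that capability is evaluated against the user namespace that owns the socket's network namespace, not against the initial namespace. The probe therefore sends a read-only NFT_MSG_GETGEN request twice, once as-is and once after unshare(CLONE_NEWUSER | CLONE_NEWNET), and classifies the reply: an NLMSG_ERROR carrying -EPERM means the gate stopped it, anything else (an NFT_MSG_NEWGEN reply, or another errno such as -EOPNOTSUPP when nf_tables is not built) means nfnetlink dispatched the request onwards. The nfnetlink constants and struct nfgenmsg are copied from the UAPI headers; the probe_result names and helper functions are my own. Linux only.

```c
/* Added probe: does the CAP_NET_ADMIN gate in nfnetlink_rcv_msg() stop an
 * unprivileged process from reaching nf_tables? Not kernel code. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <linux/netlink.h>

int unshare(int flags);             /* explicit prototype in case _GNU_SOURCE was set too late */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET  0x40000000
#endif

/* Copied from uapi/linux/netfilter/nfnetlink.h and nf_tables.h so only <linux/netlink.h> is needed. */
#define NFNL_SUBSYS_NFTABLES 10
#define NFT_MSG_GETGEN       16     /* read-only "get generation id" request */
#define NFNETLINK_V0         0
struct nfgenmsg { uint8_t nfgen_family; uint8_t version; uint16_t res_id; };

enum probe_result {                 /* these names are mine, not kernel identifiers */
    PROBE_CAP_CHECK_PASSED = 0,     /* any reply but -EPERM: nfnetlink dispatched towards nf_tables */
    PROBE_EPERM            = 1,     /* nfnetlink_rcv_msg() refused: no CAP_NET_ADMIN in the socket's netns */
    PROBE_NO_USERNS        = 2,     /* unshare(CLONE_NEWUSER|CLONE_NEWNET) failed (disabled or filtered) */
    PROBE_NO_SOCKET        = 3,     /* no NETLINK_NETFILTER socket (nfnetlink absent or not Linux) */
    PROBE_IO_ERROR         = 4
};

/* Build an NFT_MSG_GETGEN request; returns bytes written, 0 if cap is too small. */
size_t build_nft_getgen(unsigned char *buf, size_t cap, uint32_t seq)
{
    size_t len = NLMSG_LENGTH(sizeof(struct nfgenmsg));
    if (cap < len) return 0;
    memset(buf, 0, len);
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    nlh->nlmsg_len   = (uint32_t)len;
    nlh->nlmsg_type  = (NFNL_SUBSYS_NFTABLES << 8) | NFT_MSG_GETGEN;
    nlh->nlmsg_flags = NLM_F_REQUEST;          /* netlink_rcv_skb() ignores non-requests */
    nlh->nlmsg_seq   = seq;
    struct nfgenmsg *nfg = (struct nfgenmsg *)(buf + NLMSG_HDRLEN);
    nfg->nfgen_family = AF_UNSPEC;
    nfg->version      = NFNETLINK_V0;
    return len;
}

/* Build an NLMSG_ERROR ack the way netlink_ack() does (error is a negative errno, 0 for a plain ack). */
size_t build_nlmsg_error(unsigned char *buf, size_t cap, int error)
{
    size_t len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
    if (cap < len) return 0;
    memset(buf, 0, len);
    struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
    nlh->nlmsg_len  = (uint32_t)len;
    nlh->nlmsg_type = NLMSG_ERROR;
    ((struct nlmsgerr *)(buf + NLMSG_HDRLEN))->error = error;
    return len;
}

/* Classify a reply: -EPERM means the request never got past nfnetlink_rcv_msg(). */
int decode_nfnetlink_reply(const unsigned char *buf, size_t len)
{
    if (len < (size_t)NLMSG_HDRLEN) return PROBE_IO_ERROR;
    const struct nlmsghdr *nlh = (const struct nlmsghdr *)buf;
    if (nlh->nlmsg_type != NLMSG_ERROR) return PROBE_CAP_CHECK_PASSED;   /* e.g. NFT_MSG_NEWGEN data */
    if (len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) return PROBE_IO_ERROR;
    const struct nlmsgerr *err = (const struct nlmsgerr *)(buf + NLMSG_HDRLEN);
    return err->error == -EPERM ? PROBE_EPERM : PROBE_CAP_CHECK_PASSED;
}

static int probe_in_child(int with_userns)
{
    if (with_userns && unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0) return PROBE_NO_USERNS;
    /* Socket is opened after unshare(), so netlink_net_capable() is evaluated
     * against the user_ns that owns our fresh netns, where we hold every capability. */
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    if (fd < 0) return PROBE_NO_SOCKET;
    struct timeval tv = { .tv_sec = 2 };
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);   /* never hang on a silent kernel */
    unsigned char req[64], reply[4096];
    size_t len = build_nft_getgen(req, sizeof req, 1);
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK };
    int rc = PROBE_IO_ERROR;
    if (sendto(fd, req, len, 0, (struct sockaddr *)&kernel, sizeof kernel) == (ssize_t)len) {
        ssize_t n = recv(fd, reply, sizeof reply, 0);
        if (n > 0) rc = decode_nfnetlink_reply(reply, (size_t)n);
    }
    close(fd);
    return rc;
}

/* Run the probe in a forked child so the caller's own namespaces stay untouched. */
int probe_nft_reachable(int with_userns)
{
    pid_t pid = fork();
    if (pid < 0) return PROBE_IO_ERROR;
    if (pid == 0) _exit(probe_in_child(with_userns));
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return PROBE_IO_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = { "cap check passed", "EPERM", "no userns", "no nfnetlink socket", "I/O error" };
    printf("as-is:                   %s\n", names[probe_nft_reachable(0)]);
    printf("after unshare(USER|NET): %s\n", names[probe_nft_reachable(1)]);
    return 0;
}
```

Run it as an ordinary user on a kernel that allows unprivileged user namespaces: the first line reports EPERM, the second reports that the gate was passed, which is the route an unprivileged local user takes to the nf_tables code. With user namespaces unavailable to unprivileged users (for example `user.max_user_namespaces=0`, or a seccomp policy that blocks unshare) the second line reports "no userns", which is why restricting unprivileged user namespaces closes that route.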