On Wed, Feb 8, 2012 at 9:25 AM, Matthew Reath <matt at mattreath.com> wrote: > Good point. Adding in an established entry, although may open you up for > TCP/SYN sort of packets is a better trade off than affecting customer > traffic. 'established' is explicitly NOT 'syn' ... maybe you meant 'ack flood' ? (or rst flood? or .... but certainly not syn flood)