Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:enable_quic [2019/03/26 17:43] Jackson Zhang [Possibly bad cached SSL certificates] |
litespeed_wiki:config:enable_quic [2019/03/26 18:14] Jackson Zhang [LF_SPI needs to be turned off when CSF used] |
||
|---|---|---|---|
| Line 112: | Line 112: | ||
| # Note: root (UID:0) is always allowed | # Note: root (UID:0) is always allowed | ||
| UDPFLOOD_ALLOWUSER = "named" | UDPFLOOD_ALLOWUSER = "named" | ||
| + | |||
| + | ==== LF_SPI needs to be turned off when CSF used ==== | ||
| + | ''LF_SPI'' in CSF should be turned off (set ''LF_SPI'' = ''0''). | ||
| + | |||
| + | According to CFS, ''LF_SPI'' option configures csf iptables as a Stateful Packet Inspection (SPI) firewall – the default (which means ''LF_SPI'' = ''1'' by default). If the server has a broken stateful connection tracking kernel then this setting can be set to 0 to configure csf iptables to be a Static firewall, though some funtionality and security will be inevitably lost. | ||
| + | |||
| + | {{ :litespeed_wiki:config:litespeeed-quic-disable-spi-in-csf.png?800 |}} | ||