Guys, I am having a problem when I go to a website, man-in-the-middle sends tons of ACK packets and I block some replies to these packets.
The more replies I block (currently 75%) the more attacker sends.

Obvious correct solution would be to look whats in these ACKs but they are encrypted.

What kind of firewall can defend agains this specific attack or maybe this attack has a name?

Maybe this attack exploits some issues in kernel sockets?

EDIT: If I don't block anything then chromium GUI freezes(i can't right click) and eventually chromium closes on its onw. It used to be that web pages or gui flash with black rectangles. Now better.

It might be not a attack and could be that some setting is wrong.

The setup is called default setup.

The fixes are under way. So far it debian+wayland+apparmor (no network in debian).
I have sand-boxed systemd (and its systemd-* friends), gdm3, and all their children, and whatever is left.
Took me around one months, full 7 days per week and 10hours per day,
If systemd or systemd-login (no more left from this crap pile) can run without access to /sys or /run or /proc/*/comm - its a good setup.

I am sill having only 150KByte download speed on large files out of my 1MBit. Thinking what need to be done. I have not even apllied fuzzy iptables extension yet. I also have pfsense+suricata on my router which may choke up.

Thanks for no help. But this is what you are payed for?

for other people who find this thread:
OP has not provided any hard info on the actual situation; it is all his/her/other interpretation.
an attack is what they think is happening.
i'm not saying it is not so, but we would need hard info to assess the situation.

i think you misunderstand.
we all are just lusers here, like you.
nobody's getting paid anything (with the exception of jeremy maybe).

What "site"?
Scan it?