[Shorewall-users] SYN Flood Protection for Testing

Tom Eastep teastep@shorewall.net
Wed, 24 Apr 2002 07:21:44 -0700 (PDT)

I've implemented optional SYN flood protection and have made a copy 
available for testing.

This implementation adds a fourth column to the /etc/shorewall/policy 


The LIMIT is a maximum rate such as 4/sec -- the BURST is the maximum 
burst of SYNs acceptable. SYN rates in excess of what is specified result 
in SYN packets being dropped.

Example of a complete entry:

net	dmz	ACCEPT	-	10/sec:40

Feedback welcome,
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
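
An added illustration, not part of the original message or Shorewall's own code: a token-bucket model of the LIMIT:BURST field described above, run over constructed SYN arrival times. It assumes the field is enforced the way the iptables `limit` match works (the bucket starts full at BURST and refills at LIMIT); the `sec`/`min` unit spellings and the function names are this example's own.

```python
import re
from fractions import Fraction

UNIT_SECONDS = {"sec": 1, "min": 60}  # unit spellings assumed for this example

def parse_limit(field):
    """Split 'RATE/UNIT:BURST' (e.g. '10/sec:40') into (SYNs per second, burst)."""
    m = re.fullmatch(r"(\d+)/(sec|min):(\d+)", field.strip())
    if not m or int(m.group(1)) == 0 or int(m.group(3)) == 0:
        raise ValueError(f"bad LIMIT:BURST field: {field!r}")
    return Fraction(int(m.group(1)), UNIT_SECONDS[m.group(2)]), int(m.group(3))

def filter_syns(field, arrivals):
    """Idealised token bucket: return (accepted, dropped) SYN arrival times."""
    rate, burst = parse_limit(field)
    tokens, last = Fraction(burst), None   # bucket starts full
    accepted, dropped = [], []
    for t in sorted(Fraction(a) for a in arrivals):
        if last is not None:               # refill for the elapsed time, capped at burst
            tokens = min(Fraction(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1:                    # one token per SYN let through
            tokens -= 1
            accepted.append(t)
        else:                              # over the limit: SYN is dropped
            dropped.append(t)
    return accepted, dropped

# Constructed traffic (seconds since start), not captured data.
FLOOD = [Fraction(i, 200) for i in range(200)]   # 200 SYNs within one second
NORMAL = [Fraction(i, 5) for i in range(50)]     # steady 5 SYNs/sec for 10 s

if __name__ == "__main__":
    for name, traffic in (("flood", FLOOD), ("normal", NORMAL)):
        ok, drop = filter_syns("10/sec:40", traffic)
        print(f"{name}: {len(ok)} accepted, {len(drop)} dropped")
```

With 10/sec:40, the burst allowance absorbs the start of the flood and the remaining SYNs are held to the configured rate, while the steady 5/sec stream never touches the limit.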