[Shorewall-users] SYN Flood Protection for Testing
Wed, 24 Apr 2002 07:21:44 -0700 (PDT)
I've implemented optional SYN flood protection and have made a copy
available for testing.
This implementation adds a fourth column to the /etc/shorewall/policy
The LIMIT is a maximum rate such as 4/sec -- the BURST is the maximum
burst of SYNs acceptable. SYN rates in excess of what is specified result
in SYN packets being dropped.
Example of a complete entry:
net dmz ACCEPT - 10/sec:40
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
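
Added example, not part of the original message and not Shorewall's code: a small simulation of how a LIMIT:BURST value such as 10/sec:40 treats a stream of SYNs. It assumes the limit is enforced as a token bucket (BURST tokens to start, refilled at the LIMIT rate, one token per accepted SYN); the function names, the extra "min" and "hour" units and the traffic samples are constructed for illustration.

```python
import re
from fractions import Fraction

# Milliseconds per rate unit. "sec" appears in the message; "min" and
# "hour" are assumed here for completeness.
UNIT_MS = {"sec": 1000, "min": 60_000, "hour": 3_600_000}

def parse_limit(spec):
    """Parse a LIMIT:BURST value such as '10/sec:40'.
    Returns (tokens refilled per millisecond, bucket size)."""
    m = re.fullmatch(r"(\d+)/(sec|min|hour):(\d+)", spec)
    if not m:
        raise ValueError(f"not a LIMIT:BURST value: {spec!r}")
    count, unit, burst = int(m.group(1)), m.group(2), int(m.group(3))
    if count == 0 or burst == 0:
        raise ValueError("LIMIT and BURST must be positive")
    return Fraction(count, UNIT_MS[unit]), burst

def filter_syns(spec, arrivals_ms):
    """Return 'ACCEPT' or 'DROP' for each SYN arrival (sorted integer ms)."""
    rate, burst = parse_limit(spec)
    tokens = Fraction(burst)          # the bucket starts full
    last = None
    verdicts = []
    for t in arrivals_ms:
        if last is not None:          # refill for the elapsed time, capped
            tokens = min(Fraction(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1:               # a whole token is needed per SYN
            tokens -= 1
            verdicts.append("ACCEPT")
        else:
            verdicts.append("DROP")
    return verdicts

def summarize(spec, arrivals_ms):
    """Return (accepted, dropped) counts for the arrival list."""
    v = filter_syns(spec, arrivals_ms)
    return v.count("ACCEPT"), v.count("DROP")

# Constructed traffic samples (not captured data).
FLOOD = list(range(0, 1000, 5))        # 200 SYN/s for one second
NORMAL = list(range(0, 10_000, 200))   # 5 SYN/s for ten seconds

if __name__ == "__main__":
    for name, arrivals in (("flood", FLOOD), ("normal", NORMAL)):
        print(name, summarize("10/sec:40", arrivals))
```

Under this model the burst allowance absorbs the start of the flood and the rest is held to the configured rate, while traffic below the limit is never dropped.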