[LARTC] Syn Flood Protection

Linux Advanced Routing and Traffic Control


Hello Group,

I want to implement SYN flood protection on our Linux router.

On our Cisco we have this access-list and rate-limit:

rate-limit input access-group 190 128000 128000 128000 conform-action transmit exceed-action drop
access-list 190 deny   tcp any any established
access-list 190 permit tcp any any
access-list 190 deny   ip any any

Now I was trying to write the same config with tc:

iptables  -A PREROUTING -i $uplinkdev  -t mangle -p tcp --syn -j MARK --set-mark 1
tc qdisc add dev $uplinkdev  handle ffff: ingress
tc  filter add dev $uplinkdev  parent ffff: protocol ip prio 50 handle 1 fw police rate 128kbit  burst 10 mtu 15k drop flowid :1

But many of our customers can't connect to our web servers.

What is wrong with my config?

cu thomas braun
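
An added example, not part of the original post: a simplified single-rate token-bucket model fed with the rate and burst values from the two configs above (the Cisco burst of 128000 bytes, and tc's `burst 10`, which tc reads as 10 bytes). The 60-byte SYN size and the arrival pattern are constructed assumptions, and the model ignores tc's rate-table rounding and is not kernel or IOS code.

```python
"""Simplified single-rate token-bucket policer (model only)."""

def police(arrivals, rate_bps, burst_bytes):
    """Return (conformed, dropped) for a list of (time_s, size_bytes) arrivals.

    The bucket starts full, refills at rate_bps/8 bytes per second and
    never holds more than burst_bytes. A packet conforms only when the
    bucket holds at least its full size; otherwise it is dropped.
    """
    tokens = float(burst_bytes)
    last = 0.0
    conformed = dropped = 0
    for t, size in arrivals:
        # Refill for the time elapsed since the previous packet, capped at burst.
        tokens = min(float(burst_bytes), tokens + (t - last) * rate_bps / 8.0)
        last = t
        if tokens >= size:
            tokens -= size
            conformed += 1
        else:
            dropped += 1
    return conformed, dropped

# Constructed traffic (assumption): one 60-byte SYN every 10 ms for 10 s,
# i.e. 100 SYN/s = 48 kbit/s, well below the 128 kbit/s policing rate.
SYN_SIZE = 60
ARRIVALS = [(i * 0.01, SYN_SIZE) for i in range(1000)]

def compare():
    """Run the same traffic through both burst settings taken from the post."""
    return {
        "cisco_burst_128000": police(ARRIVALS, 128000, 128000),
        "tc_burst_10": police(ARRIVALS, 128000, 10),
    }

if __name__ == "__main__":
    for name, (ok, drop) in compare().items():
        print(f"{name}: conformed={ok} dropped={drop}")
```

In this model a bucket that can never hold more than 10 bytes never has enough tokens for a 60-byte packet, so every marked SYN is dropped even though the offered load is under the configured rate.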


