On Wednesday 06 November 2002 3:06 pm, Jon Anderson wrote:

> Can't guarantee that I'm right about the following, or that it's even
> relevant, but based on my experience, the following might help...
>
> SB CH (chulmin2@hotmail.com) wrote:
> > I saw that we can protect syn-flooding using iptables like this.
> >
> > $IPTABLES -N syn-flood
> > $IPTABLES -A INPUT -p tcp --syn -j syn-flood
> > $IPTABLES -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
> > $IPTABLES -A syn-flood -j DROP
>
> Of course one could achieve the same thing by using only two rules:
>
> iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT
> iptables -A INPUT -p tcp --syn -j DROP

Not really - the shorter version forces all SYN packets below the limit to
be ACCEPTed, whereas the longer version allows for later rules in the INPUT
chain to decide whether they ought to be accepted or not, based on the usual
things like source/destination address/port etc.

Antony.

--
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.
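To make the difference concrete, here is an added example (not from the thread) that models the `limit` match as a token bucket in Python and runs both rule orderings over a constructed SYN trace. The allowed-port check standing in for the "later rules in the INPUT chain" and the trace itself are assumptions.

```python
from fractions import Fraction

# Simplified model of iptables "-m limit": a token bucket that starts full at
# --limit-burst tokens and refills at --limit tokens per second. Note it is ONE
# bucket shared by every source, so a flood also starves legitimate SYNs; the
# real module counts credits in its own units, but the verdicts are the same.
class LimitMatch:
    def __init__(self, rate_per_sec, burst):
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = self.burst
        self.last = Fraction(0)

    def matches(self, now):
        now = Fraction(now)
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

# Assumed "later INPUT rules": only SYNs to these ports are wanted, anything
# else falls through to a DROP policy.
ALLOWED_PORTS = {22, 80}

def short_ruleset(limit, pkt):
    # -A INPUT -p tcp --syn -m limit ... -j ACCEPT
    # -A INPUT -p tcp --syn -j DROP
    return "ACCEPT" if limit.matches(pkt["t"]) else "DROP"

def long_ruleset(limit, pkt):
    # -A INPUT -p tcp --syn -j syn-flood
    # -A syn-flood -m limit ... -j RETURN ; -A syn-flood -j DROP
    if not limit.matches(pkt["t"]):
        return "DROP"
    # RETURN: evaluation continues with the INPUT rules after the jump
    return "ACCEPT" if pkt["dport"] in ALLOWED_PORTS else "DROP"

def run(ruleset, trace, rate="1", burst=4):
    limit = LimitMatch(rate, burst)
    return [ruleset(limit, pkt) for pkt in trace]

# Constructed trace: five SYNs inside half a second (burst of 4 exhausted by
# the fifth), then one more a second later after a token has refilled.
TRACE = [
    {"t": "0.0", "dport": 22}, {"t": "0.1", "dport": 23},
    {"t": "0.2", "dport": 80}, {"t": "0.3", "dport": 445},
    {"t": "0.4", "dport": 22}, {"t": "1.5", "dport": 80},
]

if __name__ == "__main__":
    for name, rs in (("two-rule", short_ruleset), ("syn-flood chain", long_ruleset)):
        print(name, run(rs, TRACE))
```

The two-rule version accepts the SYNs to ports 23 and 445 simply because they are under the rate; the chain version lets the port rule drop them while still dropping the fifth burst packet.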