Hi,

I have two questions related to Denial of Service:

1) If I want to set up a syn-flood protection, based on 1 per second (bursts 5), should I use

    iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j DROP

or

    iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT

The first one seems to drop those which EXCEED 1 per second and the second one seems to accept those which are WITHIN 1 per second (so the exceptions are dropped). Confused in logic :-(

2) Where can I find more information on the use of Netfilter to DoS?

Thanks.
Peter
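Added example (not part of the original post, and not Netfilter code): a simplified Python model of the token bucket behind `-m limit`, run over a constructed burst of 20 SYNs, to show which packets each of the two rules above acts on. The `limit` match matches packets while tokens remain and stops matching once the bucket is empty; the class and function names, the integer millisecond clock and the chain policies are assumptions of this model.

```python
# Simplified model of the iptables `limit` match (a token bucket).
# Assumption: integer millisecond clock and milli-token accounting; the kernel
# keeps credits in its own units but applies the same refill-and-spend logic.

class LimitMatch:
    """Models: -m limit --limit <rate>/s --limit-burst <burst> (default burst 5)."""

    def __init__(self, rate_per_sec=1, burst=5):
        self.rate = rate_per_sec            # milli-tokens earned per millisecond
        self.cap = burst * 1000             # bucket size in milli-tokens
        self.tokens = self.cap              # the bucket starts full
        self.last_ms = None

    def matches(self, now_ms):
        if self.last_ms is not None:
            earned = (now_ms - self.last_ms) * self.rate
            self.tokens = min(self.cap, self.tokens + earned)
        self.last_ms = now_ms
        if self.tokens >= 1000:             # a whole token is available
            self.tokens -= 1000
            return True                     # packet is WITHIN the limit: rule matches
        return False                        # over the limit: rule does not match


def run_chain(target, policy, arrivals_ms, rate_per_sec=1, burst=5):
    """Verdict per packet for a chain holding one limit rule with `-j target`.

    Packets the rule does not match fall through to `policy`, which stands in
    for whatever follows the rule (later rules or the chain policy).
    """
    match = LimitMatch(rate_per_sec, burst)
    return [target if match.matches(t) else policy for t in arrivals_ms]


def summarize(verdicts):
    return {v: verdicts.count(v) for v in ("ACCEPT", "DROP")}


# Constructed traffic: 20 SYNs, one every 50 ms.
FLOOD_MS = [i * 50 for i in range(20)]

if __name__ == "__main__":
    # Rule with -j DROP, excess falls through to an ACCEPT policy.
    print("-j DROP  :", summarize(run_chain("DROP", "ACCEPT", FLOOD_MS)))
    # Rule with -j ACCEPT, excess falls through to a DROP policy.
    print("-j ACCEPT:", summarize(run_chain("ACCEPT", "DROP", FLOOD_MS)))
```

With the `-j ACCEPT` form the excess SYNs are dropped only if something after the rule drops them, which the `policy` argument models here.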