On Tue, 2003-12-09 at 14:11, Geffrey Velásquez wrote:
> Hi,
>
> > Hello,
> >
> > First make sure you are using tcpsyn_cookies:
> >
> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies -- if you have not compiled
> >
> Is that valid for forwarded packets? or only destinated to the firewall?
> <snip>

I'm glad you brought that up. In fact, I'm delighted at this entire discussion since we are developing the final self-protection rules for use in the ISCS project. We have avoided using these /proc settings for just that concern - that they are mostly for the gateway itself and not for the devices being protected by it whether it is anti-spoofing with rp_filter or protecting against syn_floods. Is this assumption of ours true?

Thanks, all - John

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net