Re: anti-dos

Hi

On Wednesday 28 January 2004 09:14, Ray Leach wrote:
>
> You can use the limit support to limit packet rates:
>
> ### syn-flood chain
> $IPTABLES -N syn-flood
> $IPTABLES -A syn-flood -i $IFACE_INET -m limit --limit 75/s --limit-burst 100 -j RETURN
> $IPTABLES -A syn-flood -i $IFACE_DMZ -m limit --limit 75/s --limit-burst 100 -j RETURN
> $IPTABLES -A syn-flood -i $IFACE_INT -j RETURN
> $IPTABLES -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
> $IPTABLES -A syn-flood -j DROP
>
> $IPTABLES -A INPUT -i $IFACE_INT -p tcp --syn -j syn-flood
> $IPTABLES -A INPUT -i $IFACE_DMZ -p tcp --syn -j syn-flood
> $IPTABLES -A INPUT -i $IFACE_INET -p tcp --syn -j syn-flood
>
I have a question on this. As I interpret the rules, any packet which is 
not caught by the two limit rules is targeted to LOG. 
Due to the huge number of possible SYN packets in a DoS attack this does 
not seem useful to me. Shouldn't there be a "-m --limit 
10/minute" in the log rule?

with kind regards
	Axel
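To make the point of the question concrete, here is a small token-bucket model of the iptables `-m limit` match (an added illustration written for this archive page, not code from either poster or from the netfilter project). It walks a constructed one-second flood of 1000 SYNs through the syn-flood chain quoted above and counts how many LOG entries result with and without a limit on the LOG rule; the timings are made up, and the bucket is a simplified model of xt_limit rather than the kernel's fixed-point implementation.

```python
"""Token-bucket model of iptables' ``-m limit``, used to compare the log volume
of the quoted syn-flood chain with an unlimited LOG rule versus a LOG rule
limited to 10/minute.  Simplified model, not kernel code; timings constructed."""
from fractions import Fraction


class LimitMatch:
    """Model of ``-m limit --limit R --limit-burst B``: a bucket holding at most
    B tokens, refilled at R tokens per minute; a packet matches when a token is
    available and consumes it.  Fractions keep the refill arithmetic exact."""

    def __init__(self, rate_per_minute, burst):
        self.rate = Fraction(rate_per_minute, 60_000)  # tokens per millisecond
        self.burst = burst
        self.credit = Fraction(burst)                  # bucket starts full
        self.last_ms = None

    def matches(self, now_ms):
        if self.last_ms is not None:
            refill = (now_ms - self.last_ms) * self.rate
            self.credit = min(self.burst, self.credit + refill)
        self.last_ms = now_ms
        if self.credit >= 1:
            self.credit -= 1
            return True
        return False


def run_syn_flood_chain(syn_times_ms, log_limit=None):
    """Walk SYN arrival times (ms) through the chain: RETURN while the
    75/s, burst-100 limit matches; otherwise LOG (rate limited by
    ``log_limit``, a (rate_per_minute, burst) pair, when given) and DROP.
    Returns (returned, logged, dropped)."""
    syn_limit = LimitMatch(75 * 60, 100)         # --limit 75/s --limit-burst 100
    log_match = LimitMatch(*log_limit) if log_limit else None
    returned = logged = dropped = 0
    for t in syn_times_ms:
        if syn_limit.matches(t):
            returned += 1                        # -j RETURN
            continue
        if log_match is None or log_match.matches(t):
            logged += 1                          # -j LOG
        dropped += 1                             # -j DROP
    return returned, logged, dropped


# Constructed flood: one SYN every millisecond for one second (1000 pps).
FLOOD = list(range(1000))
```

Running `run_syn_flood_chain(FLOOD)` gives 174 RETURNed and 826 dropped SYNs, every one of them logged; with `log_limit=(10, 5)`, the iptables equivalent of `-m limit --limit 10/minute --limit-burst 5` on the LOG rule, the same 826 drops produce 5 log lines.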
