On 10/14/06, Brent Clark <bclark@xxxxxxxxxxxxxxx> wrote:
# we allow 4 TCP connects per second, no more
$IPT -N syn-flood
# packets within the limit are logged and RETURNed; anything past it falls through to DROP
$IPT -A syn-flood -m limit --limit 1/s --limit-burst 4 -j LOG --log-level info --log-prefix '#### Syn Flood ####'
$IPT -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
$IPT -A syn-flood -j DROP

So my question is, have I maybe been too aggressive on the limit.
If you're trying to limit the SYNs to 4/sec, then the --limit should be "--limit 4/s" along with the --limit-burst 4. Though, 4 SYNs per second is hardly a syn flood. Also, you may want to specify the destination port of the syn flood to give more granular control.

-- 
Jiann-Ming Su
"I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank. The election baby has peed in the bath water. You got to throw 'em both out." --Dale Gribble
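As an added illustration, not part of either message in the thread: the script below models the token bucket behind `-m limit` and runs a constructed stream of SYN arrival times through a chain shaped like the posted one (LOG rule, RETURN rule, DROP), so the difference between `--limit 1/s --limit-burst 4` as posted and `--limit 4/s --limit-burst 4` as the reply suggests can be counted rather than guessed. The bucket model is my approximation of the kernel's xt_limit match (burst is the bucket size, limit is the refill rate, every `-m limit` rule keeps its own bucket); the traffic is constructed, not captured.

```python
from fractions import Fraction


class LimitMatch:
    """Token-bucket model of a single `-m limit` rule.

    Assumption (not the kernel's own code): the bucket starts full at
    --limit-burst tokens, refills at --limit tokens per second, and each
    packet that finds a whole token matches and takes it.  Fractions keep
    the arithmetic exact so the example is deterministic.
    """

    def __init__(self, rate_per_sec, burst):
        self.rate = Fraction(rate_per_sec)     # --limit N/s
        self.burst = Fraction(burst)           # --limit-burst N
        self.tokens = self.burst               # bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # refill for the time since the previous packet, capped at the burst size
        elapsed_s = Fraction(now_ms - self.last_ms, 1000)
        self.tokens = min(self.burst, self.tokens + elapsed_s * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def run_syn_flood_chain(rate_per_sec, burst, syn_times_ms):
    """Walk SYN arrival times (ms, ascending) through a chain shaped like the thread's:

        rule 1: -m limit ... -j LOG      non-terminating, its own bucket
        rule 2: -m limit ... -j RETURN   packet leaves the chain (allowed), its own bucket
        rule 3: -j DROP                  everything that did not match rule 2

    Returns (returned, dropped, logged).
    """
    log_limit = LimitMatch(rate_per_sec, burst)
    return_limit = LimitMatch(rate_per_sec, burst)
    returned = dropped = logged = 0
    for t in syn_times_ms:
        if log_limit.matches(t):      # LOG does not stop rule processing
            logged += 1
        if return_limit.matches(t):   # RETURN: SYN is let through
            returned += 1
        else:                         # fell through to DROP
            dropped += 1
    return returned, dropped, logged


# Constructed traffic (not captured data): 20 SYNs, one every 100 ms, i.e. 10 SYN/s for 2 s.
STEADY_10_PER_SEC = [i * 100 for i in range(20)]
# A well-behaved client: three SYNs five seconds apart.
QUIET_CLIENT = [0, 5000, 10000]


def compare():
    """Same 10 SYN/s stream through the chain as posted and as the reply suggests."""
    as_posted = run_syn_flood_chain(1, 4, STEADY_10_PER_SEC)    # --limit 1/s --limit-burst 4
    as_intended = run_syn_flood_chain(4, 4, STEADY_10_PER_SEC)  # --limit 4/s --limit-burst 4
    return {"posted": as_posted, "intended": as_intended}


if __name__ == "__main__":
    for label, (ret, drop, logged) in compare().items():
        print(f"{label:9s} returned={ret:2d} dropped={drop:2d} logged={logged:2d}")
    print("quiet    ", run_syn_flood_chain(1, 4, QUIET_CLIENT))
```

With the rules as posted, the 2 s stream gets 5 SYNs through (the initial burst of 4, then one more once a whole second of credit has accrued) and 15 are dropped; with `--limit 4/s` it gets 11 through, which is the burst plus roughly 4 per second thereafter. The quiet client passes untouched either way. Two things the model also makes visible: because the LOG and RETURN rules carry identical limit parameters in separate buckets, they match the same packets, so the `#### Syn Flood ####` line is written for the SYNs that are allowed, not the ones that are dropped; and since the chain is keyed only on the limit, the per-port control the reply mentions has to come from where the chain is entered, for example a rule of the form `-p tcp --syn --dport 80 -j syn-flood`.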