Hello,
Brent Clark wrote:
# we allow 4 TCP connects per second, no more
$IPT -N syn-flood
$IPT -A syn-flood -m limit --limit 1/s --limit-burst 4 -j LOG \
--log-level info --log-prefix '#### Syn Flood ####'
$IPT -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
$IPT -A syn-flood -j DROP
This accepts only 1 packet per second after an initial 4-packet burst,
and it logs *accepted* packets, not dropped ones. I am not sure this is
what you want.
You probably want something like this instead, assuming there is an
ACCEPT rule later that matches these packets in the calling chain:
$IPT -N syn-flood
$IPT -A syn-flood -m limit --limit 4/s --limit-burst 4 -j RETURN
$IPT -A syn-flood -j LOG --log-level info \
--log-prefix '#### Syn Flood ####'
$IPT -A syn-flood -j DROP
You may also want to set a rate limit in the LOG rule not to prevent SYN
flood but to prevent log flood. ;-)
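To make the difference between the two chains concrete, here is an added Python model (not code from this thread or from iptables) that treats each `-m limit` instance as its own token bucket, the way the netfilter limit match keeps per-rule credit, and replays a constructed burst of SYNs through both chains. The traffic timeline and the assumption that a RETURN ends up ACCEPTed by the calling chain are constructed for the example.

```python
# Token-bucket model of iptables' "-m limit" match (an added illustration, not
# iptables code): each rule instance owns a bucket of `burst` tokens, refilled at
# `rate` tokens per second, and a packet matches only if one is left to spend.
class Limit:
    """One `-m limit --limit RATE/s --limit-burst BURST` instance."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1000  # credit kept in exact integer millitokens
        self.credit, self.last_ms = self.cap, 0

    def matches(self, t_ms):
        refill = (t_ms - self.last_ms) * self.rate  # millitokens since last packet
        self.credit = min(self.cap, self.credit + refill)
        self.last_ms = t_ms
        if self.credit < 1000:
            return False
        self.credit -= 1000
        return True

def run_chain(rules, times_ms):
    """Walk a user chain given as [(match, target)]; match is a Limit or None
    (always matches). LOG records the packet and continues; RETURN and DROP
    end the walk. Returns the verdict per packet and the logged timestamps."""
    verdicts, logged = [], []
    for t in times_ms:
        verdict = "RETURN"  # a user chain with no terminating rule returns
        for match, target in rules:
            if match is not None and not match.matches(t):
                continue
            if target == "LOG":
                logged.append(t)
                continue
            verdict = target
            break
        verdicts.append(verdict)
    return verdicts, logged

def original_chain():   # 1/s, burst 4, on both LOG and RETURN (as posted)
    return [(Limit(1, 4), "LOG"), (Limit(1, 4), "RETURN"), (None, "DROP")]

def corrected_chain():  # 4/s, burst 4, on RETURN; unconditional LOG, then DROP
    return [(Limit(4, 4), "RETURN"), (None, "LOG"), (None, "DROP")]

# Constructed traffic: ten SYNs within one second, then one five seconds later.
SYN_TIMES_MS = list(range(0, 1000, 100)) + [5000]

def summarize(chain):
    verdicts, logged = run_chain(chain, SYN_TIMES_MS)
    dropped = [t for t, v in zip(SYN_TIMES_MS, verdicts) if v == "DROP"]
    return {"returned": len(SYN_TIMES_MS) - len(dropped), "dropped": len(dropped),
            "logged": len(logged), "logged_dropped": len(set(logged) & set(dropped))}
```

With the posted chain the model passes only the first four SYNs plus the one five seconds later, and every log line corresponds to a passed packet; with the corrected chain eight SYNs pass and the three log lines are exactly the dropped ones.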