"Servers 4you" wrote:
>
> I'm having this notice in my messages logs:
>
> Nov 5 06:40:46 workstation kernel: possible SYN flooding on port
> 38211. Sending cookies.
>
> (I have an app running on port 38211).
> Is there a way to block it with iptables?

If it is the TCP protocol then you could try the following method as root.
It allows only 1 connection from the same source IP within the last 20 seconds:

#! /bin/sh
...
# The "recent" match (ipt_recent) is listed in /proc/net/ip_tables_matches
# once its module is loaded; without it the WATCHLIST rules cannot be used.
if grep -q "recent" /proc/net/ip_tables_matches >/dev/null 2>&1 ; then
    # If anybody from the list WATCHLIST, in the last 20 sec, tries to do
    # new connect attempts (a TCP SYN to port 38211), then DROP them!
    # Matching --syn keeps the later packets of an already accepted
    # connection from being dropped by this rule.
    /sbin/iptables -A INPUT -p tcp --dport 38211 --syn \
        --match recent --name WATCHLIST --rcheck --seconds 20 -j DROP
    # Accept a new client at port tcp:38211 and register its source IP
    # in WATCHLIST (--rcheck above compares against this timestamp).
    /sbin/iptables -A INPUT -p tcp --dport 38211 --syn \
        --match recent --name WATCHLIST --set -j ACCEPT
    # Let the rest of the accepted connection (non-SYN packets) through.
    /sbin/iptables -A INPUT -p tcp --dport 38211 -j ACCEPT
else
    echo "# ipt_recent module is not loaded. Cannot use WATCHLIST feature. Ask your HN admin."
    /sbin/iptables -A INPUT -p tcp --dport 38211 -j ACCEPT
fi
...

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
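As an added example (not code from either poster), the script below generalizes the reply's approach: it pulls the port numbers out of the kernel's "possible SYN flooding on port N" notices and emits a per-source limit on new connections (TCP SYN only) for each of them with the same "recent" match, allowing a configurable number of attempts per window instead of exactly one. The log lines are constructed for the example; the list name SYN_<port>, the IPTABLES variable and the APPLY=1 switch are this example's own conventions, and the commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: per-source limit on new TCP connections for every port the
# kernel reported SYN flooding on, built on the xt_recent ("recent") match.
# Assumptions: iptables lives at $IPTABLES (default /sbin/iptables); nothing
# is applied unless APPLY=1 is set in the environment.

IPTABLES=${IPTABLES:-/sbin/iptables}

# Constructed sample of /var/log/messages lines (not real log data). The
# second form is what newer kernels print; the last line is noise that must
# not be picked up even though it contains a "port" number.
SAMPLE_LOG='Nov  5 06:40:46 workstation kernel: possible SYN flooding on port 38211. Sending cookies.
Nov  5 06:41:02 workstation kernel: possible SYN flooding on port 38211. Sending cookies.
Nov  5 06:41:09 workstation kernel: TCP: Possible SYN flooding on port 443. Sending cookies.  Check SNMP counters.
Nov  5 06:41:10 workstation sshd[1234]: Accepted publickey for root from 10.0.0.5 port 38211 ssh2'

# syn_flood_ports LOGTEXT
# Print each distinct port the kernel reported SYN flooding on, one per line,
# sorted numerically.
syn_flood_ports() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Pp]ossible SYN flooding on port \([0-9]\{1,5\}\)\..*/\1/p' |
        sort -un
}

# recent_rules PORT SECONDS HITS
# Emit three iptables commands (one per line) that allow at most HITS new
# connections (SYN packets) per source IP to PORT within SECONDS seconds.
recent_rules() {
    port=$1 seconds=$2 hits=$3 list="SYN_$1"
    # 1. A SYN whose source already has HITS entries within the window is
    #    dropped. --update (unlike --rcheck) refreshes the source's timestamp,
    #    so a source that keeps hammering stays blocked while it does so.
    #    HITS must not exceed the module's ip_pkt_list_tot (default 20).
    printf '%s -A INPUT -p tcp --dport %s --syn -m recent --name %s --update --seconds %s --hitcount %s -j DROP\n' \
        "$IPTABLES" "$port" "$list" "$seconds" "$hits"
    # 2. Otherwise record the SYN for this source and accept it.
    printf '%s -A INPUT -p tcp --dport %s --syn -m recent --name %s --set -j ACCEPT\n' \
        "$IPTABLES" "$port" "$list"
    # 3. Non-SYN packets of an already accepted connection are not limited.
    printf '%s -A INPUT -p tcp --dport %s -j ACCEPT\n' \
        "$IPTABLES" "$port"
}

# main [LOGFILE]
# Read the log (or the constructed sample when no file is given), then print
# the rule set for every flooded port; apply it only when APPLY=1.
main() {
    if [ -n "${1:-}" ]; then
        log=$(cat "$1")
    else
        log=$SAMPLE_LOG
    fi
    for p in $(syn_flood_ports "$log"); do
        echo "# port $p: allow 5 new connections per source per 60 seconds"
        recent_rules "$p" 60 5 | while IFS= read -r cmd; do
            echo "$cmd"
            [ "${APPLY:-0}" = 1 ] && eval "$cmd"
        done
    done
}

main "$@"
```

Two caveats a practitioner would want alongside this. "Sending cookies" means net.ipv4.tcp_syncookies is enabled and the kernel is already serving the port through the flood, so these rules are an extra per-source throttle, not the primary defence. A per-source list only helps when the attempts really come from the same addresses; a SYN flood with spoofed or widely distributed sources will not be caught by it and only fills the recent table, so check the source addresses (for example from `cat /proc/net/xt_recent/SYN_38211` once the list exists) before relying on it.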