Re: really need your help about iptables

Use a higher limit for SYN packets to those services. IIRC your
ruleset from before.

/Oskar


2009/8/25 J. Bakshi <joydeep@xxxxxxxxxxxxxxx>:
> Dear list,
>
> I really really need your help to configure iptables to cope with
> "connection time out problem". Here is what the situation actually is.
>
> I have configured iptables to drop nmap and other port scanning
> techniques (collected from the internet, like XMAS scan, FIN scan etc.).
> If I run nmap against the server (like nmap -P0 <myserver> or nmap -P0
> -sT <myserver>) then the firewall successfully drops the scan
> packets and makes the nmap scan wait for *looooong*. Good. But on
> the other hand the http and mail servers running on the server
> give a "time out error", hence it is not possible to connect to the
> mail/apache and other services running on that server during port scanning
> against it. Could anyone kindly suggest how to cope with this situation?
>
> Thanks for your time.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
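
An added illustration of the advice in the reply above (not code from the thread or from the netfilter project): a small model of the iptables `limit` match showing how one shared SYN limit lets scan traffic use up the allowance that real clients need, and how a separate, higher limit for the service ports avoids that. The original ruleset is not shown in the thread, so the rates, bursts, ports and traffic here are constructed assumptions.

```python
# Added example: integer model of the iptables `limit` match (a token bucket).
# Rates, bursts, ports and traffic below are constructed assumptions.
COST = 1000  # one packet costs 1000 milli-tokens

class LimitMatch:
    """-m limit --limit <rate>/s --limit-burst <burst>; time in milliseconds."""
    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * COST
        self.tokens, self.last = self.cap, 0

    def matches(self, now_ms):
        # Refill at `rate` tokens per second, capped at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens < COST:
            return False
        self.tokens -= COST
        return True

def weak_rules():
    # -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT, then DROP
    return [(None, LimitMatch(1, 4))]

def fixed_rules():
    # Same, preceded by a higher limit for SYNs to the real services:
    # -p tcp --syn -m multiport --dports 25,80
    #    -m limit --limit 50/s --limit-burst 100 -j ACCEPT
    return [({25, 80}, LimitMatch(50, 100)), (None, LimitMatch(1, 4))]

def traffic():
    """10 s of SYNs as (time_ms, source, dport): scan at 100/s, client at 2/s."""
    scan = [(i * 10, "scan", 1000 + i) for i in range(1000)]
    client = [(5 + k * 500, "client", 80) for k in range(20)]
    return sorted(scan + client)

def run(rules):
    """Walk each SYN down the chain; return accepted packet counts per source."""
    accepted = {"scan": 0, "client": 0}
    for now, src, dport in traffic():
        for ports, limit in rules:
            # As in iptables, a rule whose limit is exhausted does not match
            # and the packet falls through to the next rule (finally DROP).
            if (ports is None or dport in ports) and limit.matches(now):
                accepted[src] += 1
                break
    return accepted

if __name__ == "__main__":
    print("single SYN limit:  ", run(weak_rules()))
    print("with service limit:", run(fixed_rules()))
```

With the single shared limit the client gets one connection through in ten seconds; with the service rule in front, all of its SYNs are accepted while the scan is still throttled.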
