Hello list,

I have finally come to know the bad effect of syn-flood protection.

```
# Send every new TCP connection attempt (SYN) on $IFACE through one chain
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
# One shared limit for all sources: 1 SYN per second, burst of 4
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
# Everything over the shared limit is dropped
iptables -A syn-flood -j DROP
```

The code above drops packets blindly if a single host initiates a syn-flood, and as a result other hosts can't get the ports.

Is there a way to modify the rules so they drop the packets from the host which is sending the syn-flood packets?

Eagerly waiting for a response.

Thanks
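
One way to get the per-host behaviour asked about above, shown as an added example that is not part of the original post: the `hashlimit` match keeps a separate bucket per source address where `limit` keeps a single shared one. The function name, the `IPT` variable and the table name `synflood` are assumptions made for this example; the rate and burst are the post's own values.

```shell
#!/bin/sh
# Added example (not from the original post): per-source SYN rate limiting.
# Set IPT=echo for a dry run that prints the rule arguments instead of
# installing them. Chain and hashlimit table names are illustrative.
IPT="${IPT:-iptables}"

apply_per_source_syn_limit() {
    iface="$1"          # interface to protect, the post's $IFACE
    chain="syn-flood"

    # Fresh chain; every new TCP connection attempt on the interface enters it.
    $IPT -N "$chain" || return 1
    $IPT -A INPUT -i "$iface" -p tcp --syn -j "$chain" || return 1

    # hashlimit keeps one token bucket per source address (srcip mode),
    # unlike the single shared bucket of "-m limit". A host that exceeds
    # 1 SYN/s (burst 4) exhausts only its own bucket.
    $IPT -A "$chain" -m hashlimit \
        --hashlimit-name synflood \
        --hashlimit-mode srcip \
        --hashlimit-upto 1/second \
        --hashlimit-burst 4 \
        --hashlimit-htable-expire 60000 \
        -j RETURN || return 1

    # Anything over a source's own limit is dropped.
    $IPT -A "$chain" -j DROP
}

# Install with: apply_per_source_syn_limit "$IFACE"   (needs root)
```

Per-source buckets only help when the flood arrives from addresses the sender really uses; a flood with spoofed source addresses gets a fresh bucket per forged address, which is the case the kernel's SYN cookies (`net.ipv4.tcp_syncookies`) address.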