J. Bakshi wrote:

Any clue?

> Hello list,
>
> I have finally come to know the bad effect of syn-flood protection.
>
> ```
> iptables -N syn-flood
> iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
> iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
> iptables -A syn-flood -j DROP
> ```
>
> The code above drops the packets blindly if a single host initiates a
> syn-flood, and as a result other hosts can't get the ports. Is there a
> way to modify the rules so that they drop the packets from the host which is
> sending the syn-flood packets?
>
> Eagerly waiting for a response.
> Thanks
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
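The effect described in the message, as an added example that is not part of the original post: a simplified token-bucket model of `--limit 1/s --limit-burst 4`, run once with a single shared bucket (as in the quoted rules) and once with one bucket per source address, which is the behaviour iptables' `hashlimit` match provides with `--hashlimit-mode srcip`. The addresses and traffic pattern are constructed, and the bucket is an approximation of the kernel's accounting, not its code.

```python
from collections import Counter, defaultdict

RATE_PER_S, BURST = 1, 4  # taken from the quoted rule: --limit 1/s --limit-burst 4
FLOODER = "203.0.113.9"   # constructed addresses (documentation ranges)
CLIENT = "198.51.100.7"


class TokenBucket:
    """Integer token bucket: milli-tokens on a millisecond clock (no float drift)."""

    def __init__(self, rate_per_s=RATE_PER_S, burst=BURST):
        self.rate, self.cap = rate_per_s, burst * 1000
        self.tokens, self.last_ms = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1000:   # a whole token is available: SYN passes (RETURN)
            self.tokens -= 1000
            return True
        return False              # otherwise it falls through to DROP


def constructed_traffic():
    """10 s of SYNs: one host at 100 SYN/s, one normal client every 2 s."""
    flood = [(t, FLOODER) for t in range(0, 10_000, 10)]
    client = [(t, CLIENT) for t in range(505, 10_000, 2000)]
    return sorted(flood + client)


def accepted(events, per_source):
    """Count SYNs that pass, using one shared bucket or one bucket per source."""
    shared, buckets, passed = TokenBucket(), defaultdict(TokenBucket), Counter()
    for now_ms, src in events:
        bucket = buckets[src] if per_source else shared
        if bucket.allow(now_ms):
            passed[src] += 1
    return passed


if __name__ == "__main__":
    events = constructed_traffic()
    for per_source in (False, True):
        label = "per-source buckets" if per_source else "one shared bucket"
        print(label, dict(accepted(events, per_source)))
```

With the shared bucket the flooding host takes every token and the normal client gets none of its SYNs through; with per-source buckets the flooder is held to the same rate while the client is unaffected.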