On Sat, 2010-02-27 at 11:05 +0530, ratheesh k wrote:
> iptables -A INPUT -j DROP
> iptables -A OUTPUT -j ACCEPT
>
> When I SYN flooded my desktop, I can see all pkts are getting
> rejected by the rule. But the system becomes slow because of this. Is
> there any way to make the system fast? Will blacklisting help?

IIRC syn_cookies were meant to deal with that.

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

http://www.securityfocus.com/infocus/1729
http://www.unixresources.net/linux/lf/57/archive/00/00/09/85/98546.html

--
Rob
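
An added example, not part of the original post: after setting tcp_syncookies, one way to check whether the kernel is actually issuing cookies is to read the SyncookiesSent, SyncookiesRecv and SyncookiesFailed counters from the TcpExt lines of /proc/net/netstat. The function names and the trimmed sample data are constructed for illustration.

```shell
#!/bin/sh
# Read one named TcpExt counter from /proc/net/netstat-style text.
# The file holds line pairs: "TcpExt: name1 name2 ..." then "TcpExt: v1 v2 ...".
tcpext_counter() {
    # $1 = counter name, $2 = file (defaults to the live kernel file)
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) { print $(col[want]); found = 1 } exit }
        END { if (!found) exit 1 }
    ' "${2:-/proc/net/netstat}"
}

# Summarise the sysctl setting and the three syncookie counters on one line.
# tcp_syncookies: 0 = off, 1 = cookies sent when the SYN backlog overflows,
# 2 = cookies sent unconditionally.
syncookie_status() {
    # $1 = sysctl file, $2 = netstat file (both default to the live paths)
    setting=$(cat "${1:-/proc/sys/net/ipv4/tcp_syncookies}") || return 1
    sent=$(tcpext_counter SyncookiesSent "$2") || return 1
    recv=$(tcpext_counter SyncookiesRecv "$2") || return 1
    failed=$(tcpext_counter SyncookiesFailed "$2") || return 1
    echo "tcp_syncookies=$setting sent=$sent recv=$recv failed=$failed"
}

# Constructed sample (the real file has many more columns and an IpExt pair).
sample_netstat() {
    cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts ListenOverflows ListenDrops
TcpExt: 1532 12 7 0 40 1572
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
}

# Demo on the constructed sample; call syncookie_status with no arguments
# to read the live values on a Linux host.
demo_dir=$(mktemp -d)
sample_netstat > "$demo_dir/netstat"
echo 1 > "$demo_dir/tcp_syncookies"
syncookie_status "$demo_dir/tcp_syncookies" "$demo_dir/netstat"
rm -rf "$demo_dir"
```

The counters only advance for SYNs that reach a listening socket, so compare two readings taken a few seconds apart while the flood is running.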