On 27.02.2010 06:36, netfilter-owner@xxxxxxxxxxxxxxx wrote:
> iptables -A INPUT -j DROP
> iptables -A OUTPUT -j ACCEPT
>
> When I syn flooded my desktop, I can see all pkts are getting
> rejected by the rule. But the system becomes slow because of this. Is
> there any way to make the system fast? Will blacklisting help?
>

g00gle is your friend:

search: syn flood protection iptables
or: syn flood protection iptables hashlimit recent blacklist

You can do some with a simple 'limit',
or more complex with 'hashlimit' and 'recent'.

Best regards

Mart
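
The 'limit' and 'hashlimit' + 'recent' variants named in the reply, written out as an added example that is not part of the original thread. The function name, the SYN_GUARD chain, the 'synflood' list name, port 22 and all thresholds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# Port, rate, burst and block time are constructed defaults to tune per host.
#
# syn_ruleset MODE [PORT] [RATE] [BURST] [BLOCK_SECS]
#   limit      one global token bucket for all new SYNs to PORT
#   hashlimit  one bucket per source IP; offenders go on a 'recent' list
syn_ruleset() {
    mode="$1"; port="${2:-22}"; rate="${3:-20/second}"
    burst="${4:-40}"; block="${5:-60}"
    case "$mode" in
        limit|hashlimit) ;;
        *) echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Same base policy as the quoted rules: drop inbound, accept outbound,
    # plus loopback and replies to connections this host opened.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYN_GUARD - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${port} --syn -j SYN_GUARD
EOF
    if [ "$mode" = limit ]; then
        # Global budget: cheap, but a flood also uses up legitimate clients' share.
        echo "-A SYN_GUARD -m limit --limit ${rate} --limit-burst ${burst} -j ACCEPT"
        echo "-A SYN_GUARD -j DROP"
    else
        # Listed sources are dropped first and their timer is refreshed.
        echo "-A SYN_GUARD -m recent --name synflood --update --seconds ${block} -j DROP"
        # Per-source budget; a SYN within budget is accepted.
        echo "-A SYN_GUARD -m hashlimit --hashlimit-name syn --hashlimit-mode srcip --hashlimit-upto ${rate} --hashlimit-burst ${burst} -j ACCEPT"
        # Over budget: list the source and drop. Spoofed source addresses make
        # this state unreliable: a real client's address can end up listed.
        echo "-A SYN_GUARD -m recent --name synflood --set -j DROP"
    fi
    echo "COMMIT"
}

# Syntax check without loading (run as root):
#   syn_ruleset hashlimit 22 | iptables-restore --test
```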