Hi All, I am looking for to add protection to firewall (IPTABLES based) specifically for SYN flood and DDoS attack to start with and, to that end, was trawling through the archives of this mailing lists and other places Google suggested I visit. Unfortunately, what I found suggests that there is some debate about how best to approach this. Specifically, many postings suggest using a 'limit' module or TCP flag combinations, but other postingssay that such rules will not help and in fact may even themselves act as a kind of internal DoS! So my question is, has there been a resolution to this case? Can I protect my Linux Firewall using IPTABLES? Many Thanks, Thiago Oliveira -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
