  1. #1
    Join Date
    Dec 2005

    iptables - syn protection

    Hi. I am running a web server and a site that has 350+ visitors at any one time. I noticed some SYN attacks today and I set a SYN-limiting rule with iptables, actually these:

    iptables -N syn-flood
    iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
    iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
    iptables -A syn-flood -j DROP

    However, that made loading the webpage VERY slow and almost impossible.

    Can someone help me with a set of rules that will not sacrifice Apache performance?

  2. #2
    I generally install APF and enable synflood protections to let it handle the IPTables rules for synflood protection. Works great for me.
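
Added example (not part of either post): a simplified token-bucket model of the `-m limit --limit 1/s --limit-burst 4` rule from the first post, showing why a single shared bucket drops nearly all legitimate SYNs, compared with one bucket per source address, which is what the iptables `hashlimit` match does in `srcip` mode. The traffic mix (50 visitors at 1 SYN/s each, one source at 500 SYN/s) and the per-source thresholds are constructed for illustration, not tuned values for a real site.

```python
from collections import defaultdict

class TokenBucket:
    """Simplified model of -m limit: refills `rate` tokens/s, holds at most `burst`, starts full."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # rule matches -> RETURN, the SYN continues through INPUT
        return False       # no token left -> falls through to "-j DROP"

def constructed_traffic(seconds=10, visitors=50, flood_rate=500):
    """Constructed sample: each visitor sends 1 SYN/s; one source sends flood_rate SYN/s."""
    events = []
    for s in range(seconds):
        events += [(s + v / visitors, f"visitor-{v}") for v in range(visitors)]
        events += [(s + k / flood_rate, "flooder") for k in range(flood_rate)]
    return sorted(events)

def simulate(events, per_source, rate=1, burst=4):
    """Return {'visitor': (accepted, total), 'flooder': (accepted, total)}."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = {"visitor": [0, 0], "flooder": [0, 0]}
    for now, src in events:
        kind = "flooder" if src == "flooder" else "visitor"
        # Global rule: every packet shares one bucket. Per-source: one bucket per address.
        bucket = buckets[src if per_source else "global"]
        stats[kind][1] += 1
        if bucket.allow(now):
            stats[kind][0] += 1
    return {k: tuple(v) for k, v in stats.items()}

if __name__ == "__main__":
    quiet = constructed_traffic(flood_rate=0)   # no attack at all
    attack = constructed_traffic()
    print("global, no flood:  ", simulate(quiet, per_source=False))
    print("global, flood:     ", simulate(attack, per_source=False))
    print("per-source, flood: ", simulate(attack, per_source=True))
```

Even with no flood, the shared bucket admits only about one new connection per second for the whole site, which matches the slowdown described in the first post.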
