I've implemented optional syn flood protection and have made a copy available for testing.

This implementation adds a fourth column to the /etc/shorewall/policy file:

    LIMIT:BURST

The LIMIT is a maximum rate such as 4/sec -- the BURST is the maximum burst of SYNs acceptable. SYN rates in excess of what is specified result in SYN packets being dropped.

Example of a complete entry:

    net dmz ACCEPT - 10/sec:40

Feedback welcome,
-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
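To make the LIMIT:BURST column concrete, here is an added illustration (not Shorewall's own code) that turns one policy line of the shape shown above into the iptables commands that would enforce it with the "limit" match. The chain names "<source>2<dest>" and "<source>2<dest>_syn" and the use of a helper chain are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration, not Shorewall's own code: turn one policy line of the
# form "SOURCE DEST POLICY LOGLEVEL LIMIT:BURST" into iptables commands that
# drop SYN packets arriving faster than LIMIT (with BURST allowed on top).
# Assumed: the per-policy chain is named "<source>2<dest>", the limit is
# enforced with the iptables "limit" match, and SYNs are checked in a
# helper chain "<source>2<dest>_syn".

# synflood_rules "net dmz ACCEPT - 10/sec:40"
#   prints the commands; prints nothing if the line has no LIMIT:BURST
#   column; returns 1 (printing no rules) if the column is malformed.
synflood_rules() {
    # Split the line on whitespace into its columns.
    set -- $1
    src=$1 dst=$2 limit=$5
    [ -n "$limit" ] || return 0

    rate=${limit%%:*}     # "10/sec"
    burst=${limit#*:}     # "40"
    # No ":BURST" given: fall back to the iptables default burst of 5.
    [ "$burst" = "$limit" ] && burst=5

    # Validate RATE as <number>/<sec|min|hour|day> and BURST as a number,
    # so a typo never becomes a rule that silently limits nothing.
    n=${rate%%/*} unit=${rate#*/}
    case $n in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    case $unit in sec|min|hour|day) ;; *) echo "bad rate: $rate" >&2; return 1 ;; esac
    case $burst in ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;; esac

    chain="${src}2${dst}" synchain="${src}2${dst}_syn"
    # SYNs within the rate RETURN to the policy chain and are handled
    # normally; everything beyond it is dropped.
    printf 'iptables -N %s\n' "$synchain"
    printf 'iptables -A %s -m limit --limit %s --limit-burst %s -j RETURN\n' \
        "$synchain" "$rate" "$burst"
    printf 'iptables -A %s -j DROP\n' "$synchain"
    printf 'iptables -A %s -p tcp --syn -j %s\n' "$chain" "$synchain"
}

# The entry from the announcement above.
synflood_rules "net dmz ACCEPT - 10/sec:40"
```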
On Wed, 24 Apr 2002, Tom Eastep wrote:

> I've implemented optional syn flood protection and have made a copy
> available for testing.
>

The code is in the same place ( http://www.shorewall.net/pub/shorewall/Beta ) and contains the White List code as well.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
On Wed, 24 Apr 2002, Tom Eastep wrote:

> The code is in the same place ( http://www.shorewall.net/pub/shorewall/Beta
> ) and contains the White List code as well.
>

The code has been updated to do a more intelligent job of handling syn flood parameters on a policy chain (corresponds to a policy with at least one "all"). This is basically what I intend to release as 1.2.13 -- probably Sunday or Monday.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net