I am receiving SYN DoS on one of my servers.

I have seen that Shorewall has facilities for limiting SYN and ICMP packets (from the FAQ). However, I have not found an example about how to limit SYN connections. (tcp:syn + rate??)

Also, I would like to know if there is any way to activate /proc/sys/net/ipv4/tcp_syncookies from Shorewall.

Regards,
Rodolfo Pilas
Rodolfo Pilas wrote:
> I am receiving SYN DoS on one of my servers.
>
> I have seen that Shorewall has facilities for limiting SYN and ICMP
> packets (from the FAQ). However, I have not found an example about how
> to limit SYN connections. (tcp:syn + rate??)

Use the RATE:BURST column in /etc/shorewall/policy. Example:

#SOURCE   DEST   POLICY   LEVEL   BURST:LIMIT
net       all    DROP     info    5/second:10

> Also, I would like to know if there is any way to activate
> /proc/sys/net/ipv4/tcp_syncookies from Shorewall.

Place 'echo 1 > /proc/sys/net/ipv4/tcp_syncookies' in /etc/shorewall/init. And remember, that option only applies to connections *to the firewall* and not to connections *through the firewall*.
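As an added example that is not part of the thread or of Shorewall itself: a small POSIX shell audit that parses a constructed policy file for the rate-limited net->all DROP policy described in the reply and reads a tcp_syncookies value from a given path, so both settings can be checked before relying on them. The sample files, the function names and the RATE:BURST header wording are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Shorewall policy file for a
# rate-limited policy and check whether SYN cookies are enabled.

# Constructed sample policy file (assumption), mirroring the reply's entry:
# 5/second:10 = 5 new connections per second with a burst of 10.
SAMPLE_POLICY=$(mktemp)
cat > "$SAMPLE_POLICY" <<'EOF'
#SOURCE   DEST   POLICY   LEVEL   RATE:BURST
loc       net    ACCEPT
net       all    DROP     info    5/second:10
all       all    REJECT   info
EOF

# Constructed stand-in for /proc/sys/net/ipv4/tcp_syncookies (assumption).
SAMPLE_SYSCTL=$(mktemp)
echo 1 > "$SAMPLE_SYSCTL"
trap 'rm -f "$SAMPLE_POLICY" "$SAMPLE_SYSCTL"' EXIT

# policy_limit FILE SOURCE DEST: print the RATE:BURST field of the first
# matching policy line (empty if none). Comment and blank lines are skipped;
# "-" means the column was left unset.
policy_limit() {
    awk -v src="$2" -v dst="$3" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == src && $2 == dst { print ($5 == "-" ? "" : $5); exit }
    ' "$1"
}

# rate_limited FILE SOURCE DEST: succeed only if that policy has a limit.
rate_limited() {
    [ -n "$(policy_limit "$1" "$2" "$3")" ]
}

# syncookies_enabled [PATH]: succeed if the sysctl file holds 1. PATH
# defaults to the live sysctl; pass a file to check a saved value offline.
# As the reply notes, this protects only connections to the firewall host
# itself, not connections forwarded through it.
syncookies_enabled() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Usage when run directly:
if rate_limited "$SAMPLE_POLICY" net all; then
    echo "net->all policy limit: $(policy_limit "$SAMPLE_POLICY" net all)"
fi
syncookies_enabled "$SAMPLE_SYSCTL" && echo "tcp_syncookies=1"
```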