[Firehol-support] SYN Flood protection

Phil Whineray phil at sanewall.org
Sat May 10 09:57:32 BST 2014


Sim

Sorry for the slow reply - too many fingers in too many pies. This does
sound like it could be useful.

For now, it does look like it would be simple to use connlimit by just
embedding the commands towards the top of your firehol.conf. I don't
think it will conflict with anything else.

There are some examples here:
  http://www.cyberciti.biz/faq/iptables-connection-limits-howto/

Are you able to give them a go to check they work for you? If they do,
perhaps you could write up the use-cases you would like to see supported
(or better yet add an issue https://github.com/ktsaou/firehol/issues/new ).
I will ensure it is not forgotten about.

I can't promise timescales, although if someone wants to have a go
at a patch, the existing limit code would be a sensible place to start.

Regards
Phil


On Mon, May 05, 2014 at 11:25:18AM +0200, Sim wrote:
> Hello!
> Any idea about this?
> Thanks,
> best regards
> 
> 
> 2014-04-15 9:57 GMT+02:00 Sim <simvirus at gmail.com>:
> 
> > Hello!
> > Is there a way to protect from SYN Flood?
> > Using "protection strong" (also with HI rate/burst), that rule drops all
> > connections (also good clients)!
> > Is "--connlimit" (from source source) or "--connlimit-mask" a good
> > solution...?
> > I have not found it in Firehol.
> > Thanks,
> > best regards
> >
> > ---
> > Sim
> >
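
A sketch of the approach suggested in the reply above (connlimit rules embedded towards the top of firehol.conf), as an added example that is not from the thread or from FireHOL itself. The function names, the CONNLIMIT_RUN variable, and the ports and limits are hypothetical; by default the rules are only printed.

```shell
#!/bin/bash
# Added example. Assumption: set CONNLIMIT_RUN=iptables when this is placed
# in firehol.conf; the default below only prints each rule for review.
CONNLIMIT_RUN="${CONNLIMIT_RUN:-echo iptables}"

# syn_connlimit PORT MAX [MASK]
#   PORT  TCP destination port to protect
#   MAX   concurrent connections allowed per source group
#   MASK  IPv4 prefix length that defines a group (32 = one address, 24 = a /24)
syn_connlimit() {
    local port="$1" max="$2" mask="${3:-32}" v
    # Refuse anything that is not a plain decimal number, so a typo cannot
    # turn into an unintended iptables argument.
    for v in "$port" "$max" "$mask"; do
        case "$v" in
            ''|*[!0-9]*) echo "syn_connlimit: not a number: '$v'" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "syn_connlimit: bad port $port" >&2; return 1; }
    [ "$max" -ge 1 ] || { echo "syn_connlimit: limit must be >= 1" >&2; return 1; }
    [ "$mask" -le 32 ] || { echo "syn_connlimit: mask must be 0..32" >&2; return 1; }
    # Match only new connection attempts (--syn) and refuse them with a TCP
    # reset once the source group already holds more than MAX connections.
    $CONNLIMIT_RUN -A INPUT -p tcp --syn --dport "$port" \
        -m connlimit --connlimit-above "$max" --connlimit-mask "$mask" \
        -j REJECT --reject-with tcp-reset
}

# Constructed sample policy: per-address limits for web traffic, and a looser
# per-/24 limit for SMTP, where many senders may share one provider block.
connlimit_policy() {
    syn_connlimit 80 20 32 &&
    syn_connlimit 443 20 32 &&
    syn_connlimit 25 100 24
}

connlimit_policy
```

A per-source limit only bounds what one address or block can hold open, so good clients behind a shared address (NAT, proxy) count together against the same limit. It does not help when SYNs arrive from many or forged source addresses, where the kernel's SYN cookies (net.ipv4.tcp_syncookies) are the usual control.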
