iptables

battles · 08-22-2019, 08:51 AM

My iptables is setup to drop SYN flood records.

Code:

 *filter
:INPUT ACCEPT [2:169]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [35:4128]
:syn_flood - [0:0]

...

-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN
-A syn_flood -j DROP

My question is shouldn't the '-A syn_flood' lines come before the '-A INPUT'? Like:

Code:

-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN 
-A syn_flood -j DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

Thanks

TenTenths · 08-22-2019, 08:53 AM

Try re-formatting your post using the CODE tags so that it's readable and you might get an answer.

phil.d.g · 08-23-2019, 03:27 AM

No, they don't need to come first.

However, where's the rest of the rules? From what you've posted there isn't going to be any syn flood protection.

battles · 08-23-2019, 08:48 AM

Quote:

Originally Posted by phil.d.g

No, they don't need to come first.

However, where's the rest of the rules? From what you've posted there isn't going to be any syn flood protection.

Yes, they are in there. I just didn't post them. Thanks