LinuxQuestions.org


dylan0 03-20-2009 12:13 PM

Using iptables firewall against syn flood attacks
 
Could someone help with configuring an iptables firewall using hashlimits against SYN flood attacks? On my other 'test' PC I've got a tool named PortFuck. With the tool I can put my server offline; it's flooding SYN attacks. I've tried to use a lot of stuff like APF/Mod_evasive/Dos deflate, but all that software doesn't work against the hardness of the flood. A long time ago someone configured my iptables firewall with fwlogwatch and it blocked the flood; the server didn't go offline! But I lost all the files and settings (damn bad!). I've heard something about hashlimits in CentOS 5 (with newest kernel). Could someone write me a working iptables firewall against SYN floods?

Regards.

abolishtheun 03-21-2009 05:36 AM

I'm too drunk to remember the exact syntax, but there's a --limit option for iptables... something like --limit 10/min from an ip address should cover such attacks.

dylan0 03-21-2009 07:22 AM

Urgh.. OK, I've used Google many times but I can't find the iptables rules I am looking for.

salasi 03-21-2009 03:44 PM

I'm sorry, I can't completely understand the way that you have phrased the question; however, does either of these help at all?
http://www.cyberciti.biz/tips/howto-...n-attacks.html
http://www.securityfocus.com/infocus/1729

If they fail, perhaps a more general description of firewalls http://www.linuxhomenetworking.com/w...Using_iptables or http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html.

Alternatively, and if all else fails, there is this bit of light reading http://iptables-tutorial.frozentux.n...tml/index.html. A lovely bit of work, but not lightweight.

anomie 03-21-2009 11:30 PM

Quote:

Originally Posted by dylan0
Could someone write me a working iptables firewall against SYN floods?

Is iptables a requirement for your scenario? There is a SYN flood protection mechanism built into the kernel that you can enable with sysctl, i.e.:

# sysctl net.ipv4.tcp_syncookies=1

dylan0 03-22-2009 03:17 PM

Quote:

Originally Posted by anomie (Post 3483691)
Is iptables a requirement for your scenario? There is a SYN flood protection mechanism built into the kernel that you can enable with sysctl, i.e.:

# sysctl net.ipv4.tcp_syncookies=1

# sysctl net.ipv4.tcp_syncookies=1 this won't work for me, the SYN flood is too hard. (Only 1 computer SYN flooding.)
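
Added example, not posted by anyone in this thread: a per-source SYN rate limit using the hashlimit match the question asks about, applied together with the tcp_syncookies sysctl from anomie's reply. The chain name SYN_GUARD, the hash table name syn_guard and the 20/second, burst 40 defaults are assumptions to tune; a per-source limit only helps when the flood arrives from real source addresses, as in the single-host test described above.

```shell
#!/bin/sh
# Added example. SYN_GUARD, syn_guard and the default numbers are assumptions.

# emit_syn_rules [RATE] [BURST]: print an iptables-restore fragment that lets
# each source IP open RATE new TCP connections (burst BURST) and drops the rest.
emit_syn_rules() {
    rate=${1:-20/second}
    burst=${2:-40}
    num=${rate%%/*}
    unit=${rate#*/}
    # Validate before anything reaches iptables-restore.
    case $num in ''|0*|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    case $unit in second|minute|hour|day) ;; *) echo "bad unit: $rate" >&2; return 1 ;; esac
    case $burst in ''|0*|*[!0-9]*) echo "bad burst: $burst" >&2; return 1 ;; esac
    # Old iptables releases spell --hashlimit-upto as --hashlimit.
    cat <<EOF
*filter
:SYN_GUARD - [0:0]
-A INPUT -p tcp --syn -j SYN_GUARD
-A SYN_GUARD -m hashlimit --hashlimit-name syn_guard --hashlimit-mode srcip --hashlimit-upto $rate --hashlimit-burst $burst --hashlimit-htable-expire 60000 -j RETURN
-A SYN_GUARD -m limit --limit 6/minute -j LOG --log-prefix "SYN_GUARD drop: "
-A SYN_GUARD -j DROP
COMMIT
EOF
}

# Apply only on request (as root): APPLY=1 sh syn_guard.sh 20/second 40
# Re-running appends a second INPUT jump, so delete the old one first.
if [ "${APPLY:-0}" = "1" ]; then
    rules=$(emit_syn_rules "$@") || exit 1
    sysctl -w net.ipv4.tcp_syncookies=1   # syncookies still cover spoofed-source floods
    printf '%s\n' "$rules" | iptables-restore --noflush
fi
```

Sources under the limit RETURN to the rest of the INPUT chain, so existing accept rules still decide what is allowed; only SYNs above the per-source rate are logged (rate-limited) and dropped.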

