

Wrong Shadowing detected

  • UlrichCM

    To avoid SYN floods I jump into the chain SynFlood:

    1. Any Source - Any Destination - FTP - All Interface - Inbound - Custom -j RETURN - Any Time - Options: hashlimit 1 per second
    2. Any Source - Any Destination - FTP - All Interface - Inbound - Deny - Any Time - Options: LOG

    This is found as shadowing in version 3 but not in version 2.

    Only if there is more than 1 SYN packet per second will it be dropped/denied.

    Maybe there exists a better way?

    • Vadim Kurland

      Maybe a couple of suggestions:

      Instead of making a custom chain, you could put a rule in the main rule set with action Deny and the same hashlimit configuration.


      You could still use the second ruleset "SynFlood" but create a custom service with an iptables string something like "  -m hashlimit --hashlimit 1/second --hashlimit-name htable_rule_0-j" and use it in the rule. In this case you match the FTP service in the rule that does the branching.