Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
To avoid SynFloods i jump into the Chain SynFlood
1. Any Source - Any Destination - FTP - All Interface - Inbound - Custom -j RETURN - Any Time - Options: hashlimit 1 per second
2. Any Source - Any Destination - FTP - All Interface - Inbound - Deny - Any Time - Options: LOG
This will found as Shadowing in Version 3 not in Version 2
Only if there is more than 1 syn paket per second it will be dropped/deny.
Maybe there exists a better way?
may be a couple of suggestions:
instead of making custom chain you could put rule in the main rule set with action Deny and the same hashlimit configuration
you could still use second ruleset "SynFlood" but create custom service with iptables string something like " -m hashlimit --hashlimit 1/second --hashlimit-name htable_rule_0-j" and use it in the rule. In this case you match FTP service in the rule that does the branching.