Wrong Shadowing detected

  • UlrichCM

    UlrichCM - 2008-11-26

    To avoid SYN floods I jump into the chain SynFlood

    1. Any Source - Any Destination - FTP - All Interface - Inbound - Custom -j RETURN - Any Time - Options: hashlimit 1 per second
    2. Any Source - Any Destination - FTP - All Interface - Inbound - Deny - Any Time - Options: LOG

    This is found as shadowing in Version 3, not in Version 2.

    Only if there is more than 1 SYN packet per second will it be dropped/denied.

    Maybe there exists a better way?
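To show why a rule analyser that ignores the hashlimit option reports the chain above as shadowed while a rate-aware one does not, here is an added Python model of the check (example code, not Firewall Builder's own analyser; the Rule fields and function names are assumptions):

```python
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"  # wildcard value for a match field


@dataclass(frozen=True)
class Rule:
    """One policy rule, modelled on the fields of the rules in the post above."""
    src: str
    dst: str
    service: str
    direction: str
    action: str            # e.g. "RETURN", "DENY"
    rate_limit: str = ""   # e.g. "hashlimit 1/second"; empty means none


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet the later rule selects is also selected by the earlier one."""
    pairs = zip((earlier.src, earlier.dst, earlier.service, earlier.direction),
                (later.src, later.dst, later.service, later.direction))
    return all(a == ANY or a == b for a, b in pairs)


def find_shadowed(rules: List[Rule], honour_rate_limits: bool = True) -> List[Tuple[int, int]]:
    """Return (shadowed_index, shadowing_index) pairs.

    A rule is shadowed when an earlier terminating rule selects a superset of
    its packets, so it can never fire.  With honour_rate_limits=True a
    rate-limited earlier rule is not treated as terminating for all packets,
    because packets above the limit fall through to the later rule.
    """
    found = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if not covers(earlier, later):
                continue
            if honour_rate_limits and earlier.rate_limit:
                continue  # hashlimit only matches part of the traffic it selects
            found.append((i, j))
            break
    return found


# The two rules from the SynFlood chain in the post, transcribed as data.
SYNFLOOD_CHAIN = [
    Rule(ANY, ANY, "ftp", "inbound", "RETURN", rate_limit="hashlimit 1/second"),
    Rule(ANY, ANY, "ftp", "inbound", "DENY"),
]

if __name__ == "__main__":
    print("naive check:", find_shadowed(SYNFLOOD_CHAIN, honour_rate_limits=False))
    print("rate-aware check:", find_shadowed(SYNFLOOD_CHAIN))
```

The naive check reports rule 2 as shadowed by rule 1; the rate-aware check reports nothing, which is the behaviour the post expects from the analyser.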

    • Vadim Kurland

      Vadim Kurland - 2008-12-03

      Maybe a couple of suggestions:

      Instead of making a custom chain you could put the rule in the main rule set with action Deny and the same hashlimit configuration.

      You could still use the second ruleset "SynFlood" but create a custom service with an iptables string something like "  -m hashlimit --hashlimit 1/second --hashlimit-name htable_rule_0-j" and use it in the rule. In this case you match the FTP service in the rule that does the branching.
