
This code does its job perfectly in limiting SYN connections, but in line 4, instead of 1/s, I need it to be 1/5 seconds. It's an assignment I'm working on that needs to protect against SYN-flood attacks.

# Dedicated chain for SYN rate limiting
iptables -N syn_flood
# Send every new TCP connection attempt (SYN set, ACK clear) to that chain
iptables -A INPUT -p tcp --syn -j syn_flood
# Token bucket: allow a burst of 3, then an average of 1 SYN per second; matching packets return to INPUT
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
# Anything over the rate is dropped
iptables -A syn_flood -j DROP
sylvain

1 Answer


If you honestly believe that 1 SYN per second is "too much"... you've got some serious server issues. That being said, the minimum limit for limit is 1 second. Without rewriting that module, you're not going to be able to do less than 1 packet per sec.

Honestly, if you're trying to get 1 packet per 1/5 second... why not simply specify 5/s (5 packets per second)? That is pretty much the same thing.

If you're simply trying to limit connections per host, try using connlimit instead of limit... or perhaps hitcount to limit per-IP connections.

TheCompWiz
  • Honestly, it's an assignment I'm working on and this is the requirement; that's why it's 1/5 seconds. Could you help me out with the code to use hitcount or connlimit? – sylvain Nov 14 '19 at 20:46
  • As this is a very complicated topic and requires a lot of discussion, this isn't really the place to do that. Also, I am not a fan of doing other people's homework. – TheCompWiz Nov 18 '19 at 18:00
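As an added example, not part of the question or the answer above: the `--limit` option of the `limit` module (and `--hashlimit-upto` of `hashlimit`) takes its rate as a count per `second`, `minute`, `hour` or `day`, per iptables-extensions(8), so "one SYN every 5 seconds" is written `12/minute`. The script below converts a period in seconds to that form, emits the question's ruleset with the converted rate, and adds the two per-source checks the answer names, `connlimit` and the `recent` module's `--hitcount`. The chain and list names, the `IPT` variable, the dry-run default and every number are assumptions made for this demo, not anything from the thread.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Rule syntax follows iptables-extensions(8); chain name, list name,
# the IPT variable and all numbers are assumptions made for this demo.

# The limit and hashlimit modules take their rate as COUNT/second,
# COUNT/minute, COUNT/hour or COUNT/day. "1 SYN per 5 seconds" must
# therefore be written as an integer count over a longer unit, i.e.
# 12/minute. limit_spec picks the smallest unit the period divides
# evenly and fails for periods with no exact form (e.g. 7 s).
limit_spec() {
    period=$1
    [ "$period" -ge 1 ] 2>/dev/null || { echo "bad period: $period" >&2; return 1; }
    for pair in second:1 minute:60 hour:3600 day:86400; do
        unit=${pair%%:*}
        secs=${pair##*:}
        if [ $((secs % period)) -eq 0 ]; then
            echo "$((secs / period))/$unit"
            return 0
        fi
    done
    echo "no exact --limit rate for a period of ${period}s" >&2
    return 1
}

# Emit the rules. IPT defaults to "echo iptables" (dry run, no root
# needed); run with IPT=iptables as root to apply them for real.
#   $1 period   seconds between SYNs once the burst is used up
#   $2 burst    token-bucket size (--limit-burst), e.g. 3
#   $3 hits     SYNs one source may send within $1 seconds before it is dropped
#   $4 conns    max simultaneous connections (incl. half-open) per source
syn_flood_rules() {
    period=$1 burst=$2 hits=$3 conns=${4:-20}
    rate=$(limit_spec "$period") || return 1
    ipt=${IPT:-echo iptables}

    # Per-source checks go first, so one flooding host is dropped before
    # it can drain the global bucket that protects everyone else.

    # connlimit: cap concurrent conntrack entries per source address;
    # half-open (SYN_RECV) connections count, which is exactly what a
    # SYN flood piles up.
    $ipt -A INPUT -p tcp --syn -m connlimit \
        --connlimit-above "$conns" --connlimit-mask 32 -j DROP

    # recent/--hitcount (the answer's "hitcount"): drop a source that
    # already has $hits SYNs recorded within the last $period seconds.
    # --update refreshes its timestamp on every further SYN, so a host
    # stays blocked for as long as it keeps flooding; --set records the
    # hit for SYNs that got through. xt_recent keeps at most
    # ip_pkt_list_tot (default 20) timestamps per address, so $hits
    # must not exceed that.
    $ipt -A INPUT -p tcp --syn -m recent --name synflood \
        --update --seconds "$period" --hitcount "$hits" -j DROP
    $ipt -A INPUT -p tcp --syn -m recent --name synflood --set

    # Global token bucket: the question's chain with the rate rewritten
    # (5 s -> 12/minute). The burst is consumed first; after that SYNs
    # are admitted at the average rate and the rest are dropped.
    $ipt -N syn_flood
    $ipt -A INPUT -p tcp --syn -j syn_flood
    $ipt -A syn_flood -m limit --limit "$rate" --limit-burst "$burst" -j RETURN
    $ipt -A syn_flood -j DROP
}

# Dry-run demo: one SYN per 5 s on average with a burst of 3; a single
# source is dropped after 4 SYNs in 5 s or above 20 concurrent connections.
syn_flood_rules 5 3 4 20
```

Run it as-is to see the rules it would apply; to install them, run `IPT=iptables sh syn_flood.sh` as root. Note that `limit` is a token bucket, not a fixed interval: with `--limit-burst 3` the first three SYNs pass immediately, and only afterwards is the average held to one per period.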