Erdal: I don't have a solution for you, but I have a plea to all the 'limit' type module writers.
Could you please offer an option so that if the limit is _exceeded_ the rule jumps somewhere, rather than jumping somewhere until the limit is exceeded.... That way, you can easily insert and delete all the various limit rules and simply -j DROP (or -j LOGDROP in my case), rather than layering complexity by a -j some-custom-chain and having to build new chains to handle the limit rules.... It just makes it harder to figure out what's going on, and easier to make subtle mistakes. I narrowly averted having a wide open firewall (thanks nmap) because of one of those subtle errors....

Thanks,
--Yan

Erdal MUTLU wrote:
>
> Hello,
>
> Last Friday I installed a RedHat 7.2 with ext3 file system, custom 2.4.18
> firewall and iptables-1.2.5. The server is a squid cache. When I try to use
> it as an HTTP proxy I get a lot of SYN flood in my log file.
>
> $ipt --new-chain syn-flood
> $ipt --append syn-flood --match limit --limit 1/s --limit-burst 4 --jump RETURN
> $ipt --append syn-flood --jump LOG --log-prefix "$fw SYNFLOOD:"
> $ipt --append syn-flood --jump DROP
>
> ......
>
> $ipt --append INPUT -i eth0 --protocol tcp --syn --jump syn-flood
> $ipt --append INPUT -ieth0 --protocol tcp --syn --jump syn-flood
>
> I have RedHat 7.1 with ext2 with 3 interface cards and with the same rule and
> it works perfectly.
>
> I changed the Intel Pro100 NIC to a 3c905C-TX without success.
>
> What can be the cause of the problem?
>
> Best regards.
> Erdal MUTLU

--
Future fighter pilots:
Me: Akari, WHAT are you DOING?
Akari, age 3: Pushing the envelope.
5:19am up 6 days, 22:46, 15 users
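The quoted syn-flood chain applies a single `-m limit --limit 1/s --limit-burst 4` token bucket to every SYN arriving on eth0, whatever its source, so once more than four connections open in a short window every further SYN falls through to LOG and DROP. The following simulation is an added example, not code from either message in the thread: it models the limit match as the token bucket it is, walks the quoted chain over constructed traffic (20 proxy clients opening one connection each, then one noisy source sending ten SYNs), and contrasts the single global bucket with one bucket per source address. Class and function names, the sample addresses and timestamps are all constructed for the example.

```python
"""Simulate the netfilter 'limit' match to see what the quoted syn-flood
chain does with a stream of SYN packets.  Added example; the traffic
below is constructed, not captured from the poster's proxy."""
from typing import Dict, List, Tuple

Packet = Tuple[float, str]  # (timestamp in seconds, source address)


class LimitMatch:
    """Token bucket behind -m limit --limit RATE --limit-burst BURST.

    The bucket starts full (BURST tokens), refills at RATE tokens per
    second and never holds more than BURST.  The match succeeds only
    while a token is available; each matching packet consumes one.
    """

    def __init__(self, rate_per_sec: float, burst: int) -> None:
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)
        self.last_seen: float | None = None  # timestamp of previous packet

    def matches(self, now: float) -> bool:
        if self.last_seen is not None:
            refill = (now - self.last_seen) * self.rate
            self.tokens = min(float(self.burst), self.tokens + refill)
        self.last_seen = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def global_limit_verdicts(packets: List[Packet], rate: float = 1.0,
                          burst: int = 4) -> List[str]:
    """The quoted chain: one bucket for all SYNs (-m limit).  RETURN while
    the limit matches, otherwise the packet hits LOG and then DROP."""
    limit = LimitMatch(rate, burst)
    return ["RETURN" if limit.matches(t) else "LOG+DROP" for t, _src in packets]


def per_source_verdicts(packets: List[Packet], rate: float = 1.0,
                        burst: int = 4) -> List[str]:
    """Same policy with one bucket per source address, the behaviour of
    -m hashlimit --hashlimit-mode srcip (not part of the thread)."""
    buckets: Dict[str, LimitMatch] = {}
    verdicts = []
    for t, src in packets:
        bucket = buckets.setdefault(src, LimitMatch(rate, burst))
        verdicts.append("RETURN" if bucket.matches(t) else "LOG+DROP")
    return verdicts


def count_dropped(verdicts: List[str]) -> int:
    """Number of SYNs that would appear as SYNFLOOD log lines and be dropped."""
    return sum(1 for v in verdicts if v == "LOG+DROP")


# Constructed traffic.  Twenty distinct proxy clients each open one
# connection within the same 100 ms (normal for a busy cache), then a
# single noisy source sends ten SYNs within 10 ms starting at t = 2.5 s.
CLIENTS: List[Packet] = [(i * 0.005, f"10.0.0.{i + 1}") for i in range(20)]
NOISY_SOURCE: List[Packet] = [(2.5 + i * 0.001, "192.0.2.7") for i in range(10)]
STEADY: List[Packet] = [(float(i), "10.0.0.1") for i in range(10)]  # one SYN per second

if __name__ == "__main__":
    both = CLIENTS + NOISY_SOURCE
    print("global bucket, 20 clients:     dropped",
          count_dropped(global_limit_verdicts(CLIENTS)))
    print("per-source,    20 clients:     dropped",
          count_dropped(per_source_verdicts(CLIENTS)))
    print("global bucket, clients+noisy:  dropped",
          count_dropped(global_limit_verdicts(both)))
    print("per-source,    clients+noisy:  dropped",
          count_dropped(per_source_verdicts(both)))
    print("global bucket, 1 SYN/s steady: dropped",
          count_dropped(global_limit_verdicts(STEADY)))
```

With the global bucket, 16 of the 20 legitimate clients are logged and dropped before the noisy source even appears, which is exactly the "lot of SYN flood in my log file" symptom on a proxy that many clients connect to; the per-source buckets drop none of them and still catch six of the noisy source's ten SYNs. Later iptables releases also express the inverted match Yan asks for directly, as `-m hashlimit --hashlimit-above RATE`, which fires once the rate is exceeded and can jump straight to LOG or DROP without a helper chain; that option is not in the 1.2.5 setup discussed above.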
