> Yes you are right, i want to set a limit for these packets and then
> reject them with a limit with tcp-reset. In order to protect my
> bandwidth from syn attacks and replies for that attacks.
I think the rules you are suggesting will sooner or later make you rethink
your strategy, as they will prevent normal TCP operation.

Look, these rules will look for any RST packets. Not only those from an
attacker, but all RSTs ever appearing.

Hmm, the best way to prevent that would be to prevent SYN attacks.
The true power of SYN floods is using spoofed addresses.
Do some ingress filtering to filter out IPs like 172.16.x.x, etc.

Also you might try the solution proposed in Advanced Routing Howto in the
Cookbook chapter.

Anyway, answering with RSTs to attacked hosts won't reduce the traffic,
but your thinking is clever.

I am not really sure if it should be done that way.

Let the list members speak their minds.

Regards,
Maciej Soltysiak
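As an added example (not from this thread or its author), the ingress-filtering approach Maciej suggests, written as a script that prints iptables rules for a WAN interface dropping packets whose source address is private or loopback space, plus a per-source SYN rate limit as the alternative to limiting RSTs. The interface name, the full RFC 1918 list beyond 172.16.x.x, and the hashlimit rates are assumptions; the script only prints the rules, so it runs without root.

```shell
#!/bin/sh
# Added example: build ingress-filter rules for the Internet-facing interface.
# Rules are printed, not applied; pipe the output to sh as root to install them.

# Source ranges that should never arrive from the Internet on a WAN interface
# (RFC 1918 private space and loopback; assumed list, the thread names only
# 172.16.x.x). Spoofed SYN floods frequently use such sources.
BOGON_SOURCES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8"

# Print one DROP rule per bogon source range for the given interface.
# Because these match only on the source address, they never touch RST
# packets of legitimate connections, unlike a blanket RST limit.
ingress_filter_rules() {
    wan_if="$1"
    for net in $BOGON_SOURCES; do
        printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$wan_if" "$net"
    done
}

# Limit *new* connection attempts (SYN) per source address with hashlimit.
# Established flows are unaffected; the rate and burst are assumed values
# to tune for the link in question.
syn_limit_rules() {
    wan_if="$1"
    printf 'iptables -A INPUT -i %s -p tcp --syn -m hashlimit' "$wan_if"
    printf ' --hashlimit-name synflood --hashlimit-mode srcip'
    printf ' --hashlimit-above 25/second --hashlimit-burst 50 -j DROP\n'
}

# Number of ingress-filter rules generated (one per bogon range).
count_ingress_rules() {
    ingress_filter_rules "$1" | wc -l | tr -d ' '
}

WAN_IF="${WAN_IF:-eth0}"   # assumed interface name; override via environment
ingress_filter_rules "$WAN_IF"
syn_limit_rules "$WAN_IF"
```

Watch the packet counters on the DROP rules (iptables -L INPUT -v -n): a rising count on a bogon rule is a cheap indicator that spoofed traffic is arriving.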