IMO, you have to --limit for each of the computer separately (1 chain
for each IP address), otherwise you will block both the instruder and
the legitimate users.
Perhaps the better solution is to install an IDS and completely block
instruder, wait until he/she contacts you and ask for worm remo
Perhaps someone will help me on this :-
I have read a lot of examples of syn flood protect on the INPUT chain.
That I have no question at all.
I wonder if it make sense to perform syn flood protection
at the FORWARD chain ? If packets are originated from a
LAN worm, and are not targetted at the