On Mon, Jun 2, 2008 at 2:23 PM, Tom Eastep <[EMAIL PROTECTED]> wrote:
> Lucas Frazzetto wrote:
>
>> Hello everyone, it is a pleasure to be here.
>> I have a problem with my server, it runs qmail SMTP and I protect it with
>> shorewall. Since yesterday I get syn flood attacks on port 25, which means
>> that no longer meet. How can I stop this with shorewall?
>>
>
> You can't stop it -- you can only cause excess syn packets to be dropped.
>
>
>>
>
>> policy:
>> #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
>> (we must put here?)
>>
>
> Yes -- in your net->all policy. It would also be a good idea to put this in
> your /etc/shorewall/start file:
>
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
>
> -Tom
>
>> loc net ACCEPT
>> $FW net ACCEPT
>> net all DROP info
>> all all REJECT info
>>
>
> -Tom
>
I saw some more settings (using iptables and echos in /proc) in this post:
http://www.webhostingtalk.com/archive/index.php/t-355411.html
Is the above single setting enough to minimize Syn Flood Attack, or can some
settings in this post improve this measure?
-Gilson
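
An added example, not part of the original thread or of Shorewall itself: a small audit that flags net-sourced policies with an empty LIMIT:BURST column and checks the SYN-cookie setting discussed above. The function names are hypothetical, the policy text is constructed from the thread, and the rate `10/sec:40` is an assumed value.

```shell
#!/bin/sh
# Constructed sample: the policy quoted in the thread (no rate limit).
SAMPLE_BEFORE='#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
$FW net ACCEPT
net all DROP info
all all REJECT info'

# Same policy with a limit on net->all; 10/sec:40 is an assumed value.
SAMPLE_AFTER='#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net ACCEPT
$FW net ACCEPT
net all DROP info 10/sec:40
all all REJECT info'

# Read policy text on stdin and print each policy whose SOURCE is "net"
# and whose fifth column (LIMIT:BURST) is missing or "-".
unlimited_net_policies() {
    awk '
        { sub(/#.*/, "") }      # strip comments, including the header
        NF == 0 { next }        # skip blank lines
        $1 == "net" && (NF < 5 || $5 == "-") { print $1 "->" $2 }
    '
}

# Succeed if the sysctl file holds a non-zero value (SYN cookies on).
# The path is a parameter so the check can be pointed at a test file.
syncookies_enabled() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] && [ "$(cat "$f")" != "0" ]
}

# Summarise the rate-limit findings for one policy text.
audit() {
    missing=$(printf '%s\n' "$1" | unlimited_net_policies)
    if [ -n "$missing" ]; then
        echo "no LIMIT:BURST on: $missing"
    else
        echo "net policies are rate limited"
    fi
}

audit "$SAMPLE_BEFORE"
audit "$SAMPLE_AFTER"
if syncookies_enabled; then
    echo "tcp_syncookies: on"
else
    echo "tcp_syncookies: off or unreadable"
fi
```

To audit a live system, pipe `/etc/shorewall/policy` into `unlimited_net_policies` instead of the sample text.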
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users