Syn flood protection using iptables

General support questions
mehmetmirac
Posts: 11
Joined: 2022/03/31 06:37:43

Syn flood protection using iptables

Post by mehmetmirac » 2023/06/05 10:47:29

Hi all,

We are using CentOS 7 and we want to protect our system from SYN flood attacks using iptables. (I know there are different options like setting SYN cookies and kernel configuration, but we also want to use iptables rules to protect the system.) After a lot of research we found some rules to add to our iptables rules. These are:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

It seems these rules do not work in our system. I know there is rule priority in iptables rules. I even tried to add these rules at the top of my iptables rules. However, it does not work.

To see if these rules work, we do a test like this:

We are sending 10 TCP packets per second and they stay for 10 seconds. So we see 100 established connections momentarily.
That's how we checked the number of connections:
netstat | grep port_number | grep ESTABLISHED | wc -l

After that we added the rules to iptables and checked with the above command. However, the number of connections does not change. So, any idea what is wrong with the rules, or what is the best way to protect the system from SYN flood using iptables? Thank you for your help.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Syn flood protection using iptables

Post by TrevorH » 2023/06/05 11:06:07

The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mehmetmirac
Posts: 11
Joined: 2022/03/31 06:37:43

Re: Syn flood protection using iptables

Post by mehmetmirac » 2023/06/05 14:02:21

TrevorH wrote (2023/06/05 11:06:07):
    https://www.redhat.com/en/blog/mitigate ... nux-7-beta works for me.

How do you test this? How can we tell whether it works or not?
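
An added example (editor's, not code from anyone in this thread) that serves both the rule set in the first post and the "how do you test this" question above. As posted, the two rules only RETURN for SYNs that are within the limit; SYNs above the limit simply fall through to the rest of INPUT, and since no rule anywhere DROPs them, nothing is discarded and the connection count stays the same. The script below puts the limiter in a dedicated chain whose last rule is DROP (the chain name SYN_FLOOD, the 1/s rate and burst of 3 are this example's own choices), adds a per-source hashlimit variant so one noisy client cannot throttle everyone, and reads the chain's packet counters from `iptables -vnxL` output to confirm the rule is actually hitting. The counter listing it parses is a constructed sample, not captured from a real host, so the script runs without root; by default it only prints the commands, and APPLY=1 executes them.

```shell
#!/bin/sh
# Added example for this thread, not code from any poster. Dry-run by default:
# prints the iptables commands it would run. APPLY=1 (as root) executes them.
# Chain name, rate and burst are this example's own choices.

SYN_CHAIN="${SYN_CHAIN:-SYN_FLOOD}"
RATE="${RATE:-1/s}"
BURST="${BURST:-3}"

# Run one iptables command, or print it when not applying.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# Global limiter: SYNs within the rate RETURN to INPUT and continue through
# the normal rules; every SYN above the rate reaches the final DROP.
# The jump is inserted at position 1 so it precedes any ACCEPT rule.
syn_flood_rules() {
    ipt -N "$SYN_CHAIN"
    ipt -A "$SYN_CHAIN" -m limit --limit "$RATE" --limit-burst "$BURST" -j RETURN
    ipt -A "$SYN_CHAIN" -j DROP
    ipt -I INPUT 1 -p tcp --syn -j "$SYN_CHAIN"
}

# Per-source variant: the budget is tracked per client address (hashlimit),
# so a flood from one address is dropped while other clients keep connecting.
syn_flood_rules_per_source() {
    ipt -N "$SYN_CHAIN"
    ipt -A "$SYN_CHAIN" -m hashlimit --hashlimit-name syn --hashlimit-mode srcip \
        --hashlimit-above "$RATE" --hashlimit-burst "$BURST" -j DROP
    ipt -A "$SYN_CHAIN" -j RETURN
    ipt -I INPUT 1 -p tcp --syn -j "$SYN_CHAIN"
}

# Verification: feed the output of `iptables -vnxL $SYN_CHAIN` on stdin and
# print the packet counter of the DROP rule. Only SYNs are jumped into the
# chain, so a rising number during a test shows excess SYNs being discarded.
dropped_syns() {
    awk '$3 == "DROP" { print $1 }'
}

# Constructed sample of `iptables -vnxL SYN_FLOOD` output (not captured from
# a real host), so the counter parsing can be exercised offline.
SAMPLE_COUNTERS='Chain SYN_FLOOD (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      13       780 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 3
      87      5220 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Entry point: show the rules, then the dropped-SYN count from the sample.
main() {
    syn_flood_rules
    printf 'dropped SYNs in sample: %s\n' "$(printf '%s\n' "$SAMPLE_COUNTERS" | dropped_syns)"
}

main "$@"
```

Run it once without APPLY to review the commands, then `APPLY=1` as root to load them; during the connection test from the first post, `iptables -vnxL SYN_FLOOD` should show the DROP counter climbing while the ESTABLISHED count from netstat stays near the configured rate. Note that `-m limit` keeps a single global budget, so under a real flood it also slows down legitimate clients; the hashlimit variant keys the budget on source address and is usually the better fit when the service has many clients.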

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Syn flood protection using iptables

Post by TrevorH » 2023/06/05 14:27:25

I'm pretty sure that if you google for tools to launch a syn flood attack you will find something that can do it. We were "lucky" that someone decided to test it for us... :-(
