From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thomas Braun
Date: Thu, 18 Apr 2002 09:42:39 +0000
Subject: [LARTC] Syn Flood Protection
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello Group,

I want to implement a SYN flood protection on our Linux router.
On our Cisco we have this access-list and rate-limit:

rate-limit input access-group 190 128000 128000 128000 conform-action transmit exceed-action drop
access-list 190 deny tcp any any established
access-list 190 permit tcp any any
access-list 190 deny ip any any

Now I was trying to write the same config with tc:

iptables -A PREROUTING -i $uplinkdev -t mangle -p tcp --syn -j MARK --set-mark 1
tc qdisc add dev $uplinkdev handle ffff: ingress
tc filter add dev $uplinkdev parent ffff: protocol ip prio 50 handle 1 fw police rate 128kbit burst 10 mtu 15k drop flowid :1

But many of our customers can't connect to our web servers.
What is wrong with my config?

cu
Thomas Braun

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/