I'm running Ubuntu and want to allow only 100 waiting SYN connections at a given time, and drop the rest.
How can I configure iptables to implement this rule?
Or sysctl config to allow only 100, and drop the others
Asked
Active
Viewed 165 times
0
iTaMaR
- 3
- 3
-
What have you tried so far? What research have you done? What build of Ubuntu? – music2myear Mar 26 '21 at 01:23
-
sysctl: https://superuser.com/questions/1635367/high-cpu-load-on-syn-flood ubuntu server 18 – iTaMaR Mar 26 '21 at 03:10
-
Is this basically a repeat of your previous, unanswered question? – music2myear Mar 26 '21 at 03:16
-
@Scott it doesnt have to be iptables, in fact it better not be. I'd rather it'll be kernel (`sysctl`) solution, by allowing only and not by blocking, but i'll be greatful for an `iptables` rule as well – iTaMaR Mar 26 '21 at 03:20
-
@music2myear not exactly, but now I'm asking how to internally allow 100 half open connections, or what is the rule need to block this traffic? – iTaMaR Mar 26 '21 at 03:22
-
@iTaMaR, Why 100? What is your underlying goal? How did you determine that 1) you'll be fine with 100, and 2) you won't be fine with 101? How do you count syn cookie connections (are they half-open, or does the fact that the kernel isn't maintaining state mean they don't count?)? Is this 100 per open port, or 100 total for the interface? For the host? – Slartibartfast Mar 26 '21 at 04:59
-
@Slartibartfast I want the total `SYN_RECV` connection state of `eth0` (with any open ports) to count no more than 100. Syn cookies are not considered open connections, I'd like to abort the overflow (100+) connections or pass them to the syn cookies mechanism.. I care the most about preformance and wish to try to abort them completely first that might save some more CPU than the rest of the other methods, and I'd like to test the `iptables` rule preformance against the abort by kernel – iTaMaR Mar 26 '21 at 08:59