SYN flood protection - SYNFLOOD
Enable SYN Flood Protection. This option configures iptables to offer some protection from TCP SYN packet DoS attempts.
If triggered, this option will slow down all new connections from any IP address to the server, so it should only be
enabled while you are actually under a SYN flood attack.
Default: 0 Range: 0-1
SYN flood rate - SYNFLOOD_RATE
The maximum average matching rate.
Default: 100/s
SYN flood burst - SYNFLOOD_BURST
The maximum initial number of packets to match.
Default: 150
UDP flood protection - UDPFLOOD
Enable outgoing UDP Flood Protection. This option limits outbound UDP packet floods. These usually come from exploit
scripts uploaded through vulnerable web scripts. If you use services that utilise high levels of UDP outbound traffic,
such as SNMP, you will need to adjust the UDPFLOOD_LIMIT and UDPFLOOD_BURST options accordingly.
Default: 0 Range: 0-1
UDP flood limit - UDPFLOOD_LIMIT
The maximum matching rate.
Default: 100/s
UDP flood burst - UDPFLOOD_BURST
The maximum initial number of packets to match.
Default: 500
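The rate and burst pairs above (SYNFLOOD_RATE/SYNFLOOD_BURST and UDPFLOOD_LIMIT/UDPFLOOD_BURST) follow the semantics of the iptables `limit` match: a bucket that starts with `burst` tokens, refills at `rate`, and matches a packet whenever a token is available. The following is an added example, not CSF's own code, that models that behaviour as a token bucket so you can see how many packets of a given flood actually pass before the limit bites. The traffic profiles are constructed, and the mapping of the csf.conf values onto a token bucket is an assumption about how the limit match behaves; the rational arithmetic is just there to keep the counts exact.

```python
"""Token-bucket model of the iptables `limit` match (constructed example, not CSF's code).
CSF's SYNFLOOD_RATE/SYNFLOOD_BURST and UDPFLOOD_LIMIT/UDPFLOOD_BURST are assumed to map
onto `--limit` and `--limit-burst`: the bucket starts full at `burst`, refills at `rate`,
and every packet that finds a token is matched (i.e. allowed through the rate limit).
Exact rational arithmetic is used so the counts below are reproducible."""
from fractions import Fraction

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(spec):
    """Turn a csf.conf style rate such as '100/s' or '6000/m' into packets per second."""
    count, unit = spec.strip().split("/")
    return Fraction(int(count), UNIT_SECONDS[unit])


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = rate                  # tokens added per second
        self.burst = burst                # bucket capacity and initial fill
        self.tokens = Fraction(burst)
        self.last = Fraction(0)

    def match(self, now):
        """Return True if a packet arriving at time `now` (seconds) is matched."""
        refill = (now - self.last) * self.rate
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate(rate_spec, burst, pps, seconds):
    """Offer `pps` evenly spaced packets per second for `seconds`.

    Returns (matched, unmatched): how many packets got through the limit and
    how many exceeded it.
    """
    bucket = TokenBucket(parse_rate(rate_spec), burst)
    total = int(pps * seconds)
    matched = sum(1 for i in range(total) if bucket.match(Fraction(i, pps)))
    return matched, total - matched


if __name__ == "__main__":
    # Constructed flood: 1000 SYN/s for one second against the SYNFLOOD defaults
    # (100/s, burst 150). Roughly burst + rate*seconds packets get through.
    print(simulate("100/s", 150, 1000, 1))   # (249, 751)
    # Constructed steady traffic: 80 packets/s for five seconds against the
    # UDPFLOOD defaults (100/s, burst 500). The bucket never drains.
    print(simulate("100/s", 500, 80, 5))     # (400, 0)
```

The first run shows why the burst value matters for a short, sharp flood: the first 150 or so packets pass immediately, after which only about one packet in ten (100/s out of 1000/s) gets through. The second run shows that a service whose sustained rate stays below the limit is untouched, which is the check to do before raising UDPFLOOD_LIMIT for something like SNMP.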
UDP flood allowed users - UDPFLOOD_ALLOWUSER
A list of usernames that should not be rate limited (comma separated, e.g. named to stop BIND traffic from being limited).
Note: root user is always allowed.
Default: named
Connection limit - CONNLIMIT
Enable protection from DoS attacks against specific ports. This option limits the number of concurrent new connections
per IP address that can be made to specific ports.
Default: empty
Port flood - PORTFLOOD
Enable protection from DoS attacks against specific ports. This option limits the number of new connections per time
interval that can be made to specific ports.
Default: empty
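CONNLIMIT and PORTFLOOD sound similar but enforce different things: CONNLIMIT caps how many connections a single source IP may hold open to a port at once, while PORTFLOOD caps how many new connections a source IP may start to a port within a time interval. The following added example (not CSF's code, and not CSF's rule syntax) models both limits side by side and replays a constructed connection log through them, so the two verdicts can be told apart. The per-port limit values, the event format and the source address are all assumptions made for the example.

```python
"""Constructed model of the two per-port limits described above (not CSF's code).
ConnLimit caps *concurrent* connections per (source IP, port); PortFlood caps *new*
connections per (source IP, port) inside a sliding time window. The limit values,
event format and addresses are assumptions for this example only."""
from collections import defaultdict, deque


class ConnLimit:
    """Concurrent-connection cap per (src_ip, port), driven by open/close events."""

    def __init__(self, limits):           # {port: max_concurrent}
        self.limits = limits
        self.open = defaultdict(int)      # (ip, port) -> currently open connections

    def on_open(self, ip, port):
        """Return True if a new connection is allowed, and count it if so."""
        cap = self.limits.get(port)
        if cap is not None and self.open[(ip, port)] >= cap:
            return False
        self.open[(ip, port)] += 1
        return True

    def on_close(self, ip, port):
        if self.open[(ip, port)] > 0:
            self.open[(ip, port)] -= 1


class PortFlood:
    """Sliding-window cap on new connections per (src_ip, port)."""

    def __init__(self, limits):           # {port: (interval_seconds, max_new)}
        self.limits = limits
        self.hits = defaultdict(deque)    # (ip, port) -> times of recent attempts

    def on_open(self, ip, port, now):
        """Return True if the attempt is within the window limit; record it either way."""
        rule = self.limits.get(port)
        if rule is None:
            return True
        interval, max_new = rule
        window = self.hits[(ip, port)]
        while window and now - window[0] >= interval:   # drop entries outside the window
            window.popleft()
        if len(window) >= max_new:
            return False
        window.append(now)
        return True


def replay(events, connlimit, portflood):
    """Replay (time, action, ip, port) events; return (time, ip, port, verdict) tuples.

    The flood check runs first because every attempt counts towards the window,
    whether or not the connection is ultimately allowed.
    """
    verdicts = []
    for t, action, ip, port in events:
        if action == "close":
            connlimit.on_close(ip, port)
            continue
        if not portflood.on_open(ip, port, t):
            verdicts.append((t, ip, port, "deny:portflood"))
        elif not connlimit.on_open(ip, port):
            verdicts.append((t, ip, port, "deny:connlimit"))
        else:
            verdicts.append((t, ip, port, "allow"))
    return verdicts


# Constructed connection log: one documentation-range source opening to port 22.
EVENTS = [
    (0, "open", "203.0.113.5", 22),
    (1, "open", "203.0.113.5", 22),
    (2, "open", "203.0.113.5", 22),
    (3, "open", "203.0.113.5", 22),    # fourth concurrent connection: over CONNLIMIT
    (4, "close", "203.0.113.5", 22),   # one closes, so CONNLIMIT would allow again
    (5, "open", "203.0.113.5", 22),    # fifth new connection in 60 s: over PORTFLOOD
    (6, "open", "203.0.113.5", 80),    # port 80 has no rule in this example
    (70, "open", "203.0.113.5", 22),   # window has expired, both limits allow
]


def demo():
    # Assumed limits: at most 3 concurrent and at most 4 new per 60 s on port 22.
    return replay(EVENTS, ConnLimit({22: 3}), PortFlood({22: (60, 4)}))


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Note the ordering in the log: at t=3 the source is refused because three connections are still open, and at t=5, even though a slot has freed up, it is refused because it has already started four connections in the last 60 seconds. That distinction is what decides which of the two options fits a given abuse pattern.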