Hi.. PORTFLOOD setting---

natalis
Junior Member
Posts: 4
Joined: 21 Jan 2009, 23:55


Post by natalis »

Dear Staff, Hi

I am new to csf; please, some info. As a test, I have set up the PORTFLOOD setting:

"80;tcp;500;5". Now I see many log entries with IPs in ipt_recent, among which are different Google IPs. If I have understood correctly, it blocks if an IP makes 500 connections in 5 seconds. I set 500 and 5 as a test.
How is it possible that an IP makes 500 connections in 5 seconds? And I always have the ipt_recent log full.

Does this feature work correctly, or does it have some problem, or have I made the setup wrong?

Thanks
Best Regards
Natalis
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

I'm afraid that I don't understand what the problem is from your description of what you are seeing.
natalis
Junior Member
Posts: 4
Joined: 21 Jan 2009, 23:55

Dear chirpy.....

Post by natalis »

Dear chirpy, Hi

Thank you for the reply and the help. Sorry, I am Italian and my English is not good.
It may be that it is correct and that it is me who doesn't understand, and the function works well, but I have to be sure.

I am referring to the function "Enable SYN flood protection".
My setup:
SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

PORTFLOOD = "80;tcp;300;5"

Now after this I restart with csf -r

and go into iptables_recent, and see 80 with many IP addresses:

src=91.80.60.68 ttl: 117 last_seen: 438881450 oldest_pkt: 17 438868239,
src=66.197.176.135 ttl: 58 last_seen: 438902504 oldest_pkt: 7 438868033,
src=66.249.72.130 ttl: 55 last_seen: 438898185 oldest_pkt: 3 438878072,

Now I ask: is this correct? The IP 66.249.72.130 belongs to Google. Is it possible that it has made 300 connections in 5 seconds and is blocked,
or have I understood nothing of the function Enable SYN flood protection?
I have made a test with PORTFLOOD = "80;tcp;500;5" and I have the same result, with Google IP addresses in the recent IP list.

Thanks
Best Regards
Natalis
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

As I understand it, the recent iptables module lists all IP addresses that come through on the port being watched. It only blocks after the hits/time interval is reached. So you will see blocked and unblocked IP addresses in the iptables_recent files.
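To illustrate the difference between an address being listed and an address reaching the limit, here is an added example (not part of the original thread and not csf's own code) that parses recent-list lines and reports which sources have at least the configured number of hits inside the interval. It assumes the timestamps are kernel jiffies at HZ=1000 with no counter wrap, that the current jiffies value is supplied by the caller, and it uses constructed entries with a small hit count of 4 so the sample stays readable.

```python
import re

# Assumption: kernel tick rate. Recent-list timestamps are in jiffies.
HZ = 1000

ENTRY = re.compile(r"src=(\S+) ttl: (\d+) last_seen: (\d+) oldest_pkt: (\d+) (.*)")

def parse_portflood(setting):
    """Split one PORTFLOOD entry 'port;proto;hits;seconds' into typed fields."""
    port, proto, hits, seconds = setting.split(";")
    return int(port), proto, int(hits), int(seconds)

def parse_recent(text):
    """Return {ip: [timestamps]} for every source listed, blocked or not."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            table[m.group(1)] = [int(s) for s in re.findall(r"\d+", m.group(5))]
    return table

def over_limit(table, hits, seconds, now, hz=HZ):
    """IPs with at least `hits` timestamps in the last `seconds` before `now`."""
    cutoff = now - seconds * hz
    return sorted(ip for ip, stamps in table.items()
                  if sum(1 for s in stamps if s >= cutoff) >= hits)

# Constructed sample entries (documentation addresses, invented timestamps).
SAMPLE = """\
src=192.0.2.10 ttl: 55 last_seen: 1005000 oldest_pkt: 2 1001000, 1005000
src=192.0.2.20 ttl: 58 last_seen: 1005900 oldest_pkt: 5 1005100, 1005300, 1005500, 1005700, 1005900
src=192.0.2.30 ttl: 117 last_seen: 900000 oldest_pkt: 4 899000, 899500, 899800, 900000
"""

if __name__ == "__main__":
    # Hypothetical test setting: 4 hits in 5 seconds on port 80/tcp.
    port, proto, hits, seconds = parse_portflood("80;tcp;4;5")
    table = parse_recent(SAMPLE)
    print("listed:    ", sorted(table))
    print("over limit:", over_limit(table, hits, seconds, now=1006000))
```

All three sample sources appear in the list, but only the one with enough recent timestamps is reported as over the limit.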