I've been using a modified version of dos deflate to block connections with so many SYN_RECV, but it's not perfect. It can only run every minute and I haven't really made a viable unban feature.
If there was a thing on csf like connection tracking that parsed netstat for so many SYN_RECV connections per IP and banned the ones over the limit. I usually do 10, but sometimes it can ban legit users.
And make it where you can run it every 30 seconds or something. This would be an awesome feature on csf and would help greatly in dealing with ddos.
syn block feature
Hi chirpy, thanks for adding the new ct_states option. I don't know if it was related to this suggestion or not, but it is very useful.
What I've done now on the syn attacks is set ct_states to SYN_RECV, run ct every 30 seconds, and set a limit of around 10-20, and it does great. A lot faster than the lil syn block I've been using, which runs every minute.
CSF is a very effective firewall for ddos issues. It's one of the first things I install on every server and I recommend it to everyone.
I sent a small donation, not much, but to show my thanks. I know I've used your scripts enough. I'll try to help out every chance I get.
Thanks again
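To put the two approaches in the thread side by side, here is an added example that is neither the poster's modified dos deflate script nor csf's own code. The shell functions do what the first post asks for (parse netstat output, count SYN_RECV entries per remote IP, act on the ones at or over a limit) and hand the expiry to csf's temporary deny with a TTL, which is the unban step the poster never finished; the csf.conf keys named in the comments are the ones the second post's CT_STATES / 30-second / 10-20 setup corresponds to. The sample netstat output, the addresses in it and the 600-second block time are constructed for the example.

```shell
#!/bin/sh
# Added example, not the poster's script and not csf's own code: count
# half-open (SYN_RECV) TCP connections per remote IP from netstat-style
# output, list the IPs at or over a limit, and emit csf temporary-deny
# commands so the block expires on its own (the "unban" the poster lacked).
# This mirrors what csf's connection tracking does with CT_STATES="SYN_RECV",
# CT_INTERVAL=30, CT_LIMIT=10..20 and CT_BLOCK_TIME in csf.conf.

BAN_SECONDS=600   # how long a temporary block lasts (assumed value)

# Constructed sample of `netstat -ntu` output using documentation addresses.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40001      SYN_RECV
tcp        0      0 10.0.0.5:443            192.0.2.4:55000         ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40002      ESTABLISHED
tcp6       0      0 2001:db8::5:80          2001:db8::1:60001       SYN_RECV
tcp6       0      0 2001:db8::5:80          2001:db8::1:60002       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51237       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:40003      SYN_RECV
tcp6       0      0 2001:db8::5:80          2001:db8::1:60003       SYN_RECV'

# syn_offenders LIMIT [FILE]
# Prints "COUNT IP" for every remote IP with at least LIMIT SYN_RECV entries,
# highest count first. Reads FILE if given (e.g. saved `netstat -ntu` output),
# otherwise the constructed sample above.
syn_offenders() {
    limit="$1"
    input="${2:-}"
    {
        if [ -n "$input" ]; then cat "$input"; else printf '%s\n' "$SAMPLE_NETSTAT"; fi
    } | awk -v limit="$limit" '
        $1 ~ /^tcp/ && $NF == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # strip the port; works for IPv4 and IPv6
            count[addr]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit) print count[ip], ip
        }' | sort -rn
}

# ban_commands LIMIT [FILE]
# Turns the offender list into csf temporary-deny commands. csf -td takes a
# TTL in seconds and removes the block itself when it expires, which is the
# unban step a hand-rolled script has to implement on its own.
ban_commands() {
    syn_offenders "$1" "${2:-}" | while read -r count ip; do
        printf 'csf -td %s %s "SYN_RECV flood: %s half-open connections"\n' \
            "$ip" "$BAN_SECONDS" "$count"
    done
}

# ban_expired BANNED_AT NOW
# For scripts that keep their own ban list instead of using csf -td:
# true once a block recorded at epoch BANNED_AT has lasted BAN_SECONDS.
ban_expired() {
    [ $(( $2 - $1 )) -ge "$BAN_SECONDS" ]
}

# Dry run on the sample: print the commands instead of executing them.
ban_commands 3
```

Two caveats that bear on the poster's worry about banning legit users with a limit of 10: addresses behind a shared NAT gateway or a proxy legitimately open many connections at once, so they belong in csf.allow before the limit is lowered; and a SYN flood with spoofed source addresses fills SYN_RECV with addresses that belong to nobody, where per-IP bans achieve nothing and the kernel's SYN cookies (net.ipv4.tcp_syncookies) are the relevant defence.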