Hi,
below I have two cases for limiting traffic / connections:
# MAX HTTP-TRAFFIC (APACHE-WEBSERVER)
iptables -A INPUT -p tcp --dport 80 --syn -m limit
--limit 60 / minute -j ACCEPT
iptables -A INPUT -p tcp --dport 80 --syn -j REJECT
--reject-with port unreachable
# SYN-FLOODING PROTECTION
iptables -N syn-flood
iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
My question:
Are this "realistic" values: 60 / min http & 1/s syn ??
I am not sure about how much traffic "normal" systems can handle
without too big problems...(I think it must be more than in my
examples..?)
In my case I have one server with PI-200-CPU/64MB and
isdn-dialup-connection and one server with K6-2-300-CPU/128MB and
sdsl-connection (via ethernet), both linux-2.4.x with iptables.
What values would be efficient for these systems?
Bye.