[tor-relays] syn flood iptables rule

Toralf Förster toralf.foerster at gmx.de
Tue Mar 30 17:46:14 UTC 2021

On 2/22/21 3:27 PM, Toralf Förster wrote:
>   # DDoS
>   $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set
>   $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP

just for the record:

In the meanwhile I do think that this idea was BS.

The reason is that if an adversary spoofs the sender address then this
eventually blocks the (spoofed) sender address thereby.
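
The effect described above, as an added example that is not part of the original post: a simplified Python model of the two quoted `recent` rules (not kernel code, and the per-address list is unbounded here), fed a constructed sequence of forged connection attempts. The class, function names and addresses are assumptions made for illustration.

```python
# Simplified model of the two xt_recent rules quoted above (not kernel code).
from collections import defaultdict

SECONDS, HITCOUNT = 60, 10  # values taken from the quoted rule


class RecentList:
    """Per-source-address timestamps, like the 'synflood' recent list."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Return 'DROP' or 'ACCEPT' for a NEW TCP packet claiming source src."""
        # Rule 1: --set records the claimed source address; it never drops.
        self.stamps[src].append(now)
        # Rule 2: --update --seconds 60 --hitcount 10 -j DROP
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            # --update refreshes "last seen" on a match, so the block lasts
            # for as long as packets with this source keep arriving.
            self.stamps[src].append(now)
            return "DROP"
        return "ACCEPT"


def simulate():
    """Constructed scenario: forged SYNs carry a legitimate peer's address."""
    fw = RecentList()
    peer = "192.0.2.10"     # constructed address (documentation range)
    other = "198.51.100.7"  # constructed, never named in a forged packet
    # Ten forged SYNs, one per second, all claiming to come from `peer`.
    forged = [fw.new_connection(peer, t) for t in range(10)]
    # The real peer opens one genuine connection at t=15.
    genuine = fw.new_connection(peer, 15)
    # An address that was never spoofed is unaffected.
    bystander = fw.new_connection(other, 15)
    # Once the list has aged out (no packets for more than 60 s),
    # the peer gets through again.
    later = fw.new_connection(peer, 200)
    return forged, genuine, bystander, later


if __name__ == "__main__":
    print(simulate())
```

The rule keys on the claimed source address only, so the genuine connection at t=15 is dropped although the real peer sent a single packet.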

