Some *practical* firewall advice needed from people running with SYN flood detection rules..... what do you consider reasonable limit and burst-limit values? The classic textbook values of 5 and 10 seem unreasonable as in:
-A INP_FLOOD -m limit --limit 5/second --limit-burst 10 -j RETURN
-A INP_FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A INP_FLOOD -j DROP
These just don't seem to work, especially with NFS active. I'm currently running with:
-A INP_FLOOD -m limit --limit 10/second --limit-burst 50 -j RETURN
But I'm curious as to what other people are running on their LAN servers, especially ones running NFS.
Ian
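Added illustration, not part of Ian's post: a token-bucket model of the `-m limit` match (an approximation of the kernel's xt_limit credit accounting) run against constructed, evenly spaced SYN arrivals, so the textbook values and the current 10/second, burst 50 values can be compared. The arrival patterns and helper names are assumptions.

```python
from fractions import Fraction


def classify(arrival_ms, rate_per_sec, burst):
    """Model `-m limit --limit <rate>/second --limit-burst <burst>`.

    arrival_ms: packet arrival times in milliseconds.
    Returns (accepted, dropped): accepted packets hit the RETURN rule,
    dropped ones fall through to the LOG and DROP rules.
    The bucket starts full (burst tokens), refills at rate_per_sec and is
    capped at burst. Exact arithmetic avoids float drift at the 1.0 boundary.
    """
    cap = Fraction(burst)
    tokens = cap
    last = 0
    accepted = dropped = 0
    for t in sorted(arrival_ms):
        tokens = min(cap, tokens + Fraction((t - last) * rate_per_sec, 1000))
        last = t
        if tokens >= 1:
            tokens -= 1
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def evenly_spaced(n, spacing_ms):
    """Constructed arrival pattern: n SYNs, spacing_ms apart (assumption)."""
    return [i * spacing_ms for i in range(n)]


if __name__ == "__main__":
    # A client opening 40 connections within 0.4 s (constructed sample).
    burst = evenly_spaced(40, 10)
    # Sustained 20 SYN/s for 10 s (constructed sample).
    sustained = evenly_spaced(200, 50)
    for label, rate, b in (("textbook  5/s burst 10", 5, 10),
                           ("current  10/s burst 50", 10, 50)):
        for name, arrivals in (("burst", burst), ("sustained", sustained)):
            ok, bad = classify(arrivals, rate, b)
            print(f"{label} / {name}: {ok} returned, {bad} logged+dropped")
```

The model assumes only connection attempts reach the chain (for example packets selected with `-p tcp --syn`); if every packet of an established NFS session is jumped into INP_FLOOD, steady traffic alone drains the bucket and legitimate SYNs get logged and dropped.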