firewall: Implement generating SYNPROXY rules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-12 20:16:49 +02:00 · 2024-04-18 21:11:43 +00:00
parent ad03130f24
commit 175ba983f4
2 changed files with 16 additions and 0 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -407,6 +407,10 @@ iptables_init() {
 	iptables -t nat -N REDNAT
 	iptables -t nat -A POSTROUTING -j REDNAT

+	# SYN Flood Protection
+	iptables -t raw -N SYN_FLOOD_PROTECT
+	iptables -t raw -A PREROUTING -p tcp --syn -j SYN_FLOOD_PROTECT
+
 	# Populate IPsec chains
 	/usr/lib/firewall/ipsec-policy