I decided to uncomment the rules for SYN, DoS, floods... and now every time I reload the firewall rules because I am adding a port forward, for example, these DoS rules get duplicated... I think there should be only a couple of these and I am getting like 20... :0
416K 28M port-filter all -- any any anywhere anywhere
19347 1064K ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
6 352 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
0 0 if-filter all -- any any anywhere anywhere state NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN,ACK
So I guess some script is not working as it should... I will comment them out and reload, then "uncomment" them and reload again to get only one.
But I see that the DoS and scanner rules, which are:
# Attention: To enable the commands below can cause some side effects
# Syn-flood and DOS protection
#iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Port Scanners protection
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags ALL SYN,ACK -j DROP
Should I have all three uncommented, or only the port scanner or the DoS protection...? Or can all of them be uncommented...
Cheers and thanks,
Agustin
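The stacking seen in the listing above is what a reload script produces when it only ever runs `iptables -A`: each run appends a fresh copy of every rule, nothing removes the previous ones. The following is an added example, not code from the post or from the firewall script Agustin is using. In POSIX sh it gives a check that reports which rule specs in a chain occur more than once (fed from `iptables -S CHAIN`), a cleanup that deletes the surplus copies, and an `add_rule_once` wrapper that uses `iptables -C` so a rule is appended only when it is not already present. The `IPTABLES` variable is an assumed hook for pointing the helpers at a stub; the real binary needs root.

```shell
#!/bin/sh
# Added example, not part of the original post or its firewall script.
# Helpers for rules that are appended with `iptables -A` on every reload
# and therefore pile up:
#
#   find_duplicate_rules   - reads `iptables -S CHAIN` output on stdin and
#                            prints "COUNT SPEC" for every spec seen >1 times
#   remove_duplicate_rules - deletes the surplus copies, keeping one of each
#   add_rule_once          - appends a rule only if `iptables -C` reports it
#                            absent, so a reload script becomes idempotent
#
# IPTABLES is an assumed override hook so the helpers can be exercised
# against a stub instead of the real binary (the real one needs root).

IPTABLES="${IPTABLES:-iptables}"

# stdin:  lines from `iptables -S CHAIN` (e.g. "-A FORWARD -p tcp ... -j DROP")
# stdout: "N -A CHAIN ..." for each spec that occurs N > 1 times
find_duplicate_rules() {
    sort | uniq -c | awk '$1 > 1 {
        n = $1
        sub(/^[ \t]*[0-9]+[ \t]+/, "")   # strip the uniq -c count column
        print n " " $0
    }'
}

# Delete all but one copy of every duplicated rule in CHAIN.
# The spec is word-split on purpose ("-A CHAIN rest" becomes the -D
# arguments); specs carrying quoted arguments such as
# -m comment --comment "a b" are not handled by this simple version.
remove_duplicate_rules() {
    chain="$1"
    "$IPTABLES" -S "$chain" | find_duplicate_rules | while read -r count spec; do
        extra=$((count - 1))
        while [ "$extra" -gt 0 ]; do
            # shellcheck disable=SC2086
            "$IPTABLES" -D ${spec#-A } || break
            extra=$((extra - 1))
        done
    done
}

# Usage: add_rule_once CHAIN rule-spec...
# `-C` exits 0 when an identical rule already exists; only then skip `-A`.
add_rule_once() {
    chain="$1"; shift
    if "$IPTABLES" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -A "$chain" "$@"
}

# The reload section written the idempotent way (rule specs from the post):
# add_rule_once FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# add_rule_once FORWARD -p tcp --tcp-flags ALL SYN,ACK -j DROP
# remove_duplicate_rules FORWARD   # one-off cleanup of copies already stacked
```

The more common fix is to flush the chain (`iptables -F FORWARD`, or a dedicated chain the script owns) at the top of the reload script and rebuild it from scratch; `add_rule_once` is the option when the script cannot own the whole chain. Either way, after the change `iptables -S FORWARD | sort | uniq -d` should print nothing.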