BFW Firewall & Router

configuration > system > Startup script

Código: Selecionar todos

iptables -t mangle -A POSTROUTING -p tcp -d 111.111.111.111 -j DROP
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
echo 1024 > /proc/sys/net/core/somaxconn
echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog


tested on 3.260.rc11 32bit-586

say your opinion

Good morning, folks.

abdopcnet escreveu:tested and working

Two questions:
1- What version of BFW you applied and tested these settings?
2- What the expected result? (so I can check if it makes what it has proposed to do)

Anyway, thanks for the tip.

See ya.

brunovescovi escreveu:Good morning, folks.

abdopcnet escreveu:tested and working

Two questions:
1- What version of BFW you applied and tested these settings?
2- What the expected result? (so I can check if it makes what it has proposed to do)

Anyway, thanks for the tip.

See ya.

bfw will handle more connections reduce ( ping requests & online games lag )

Código: Selecionar todos

iptables -t mangle -A POSTROUTING -p tcp -d 111.111.111.111 -j DROP

# to drop KMplayer synflood attacks

Código: Selecionar todos

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

# reduce time-wait timeout

Código: Selecionar todos

echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 3 > /proc/sys/net/ipv4/tcp_syn_retries

#useful to protect from syn-flood

Código: Selecionar todos

echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save

# The default is 0 which cach connection route causes slow ( mobile browsing errors )

Código: Selecionar todos

echo 1024 > /proc/sys/net/core/somaxconn

# The default is 128 which is very low

Código: Selecionar todos

echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog

# The default is 128 which is very low