« Отговор #10 -: Aug 12, 2009, 16:33 »
Това е достатъчно
# Drop TCP segments arriving on eth0 whose flag combinations do not occur in
# normal traffic (typical of port-scan probes), then throttle new TCP
# connections through a dedicated SYNFLOOD chain.
# NOTE(review): every rule is appended with -A, so it only takes effect if no
# earlier INPUT rule has already accepted the packet; load these ahead of any
# ACCEPT rules. Only IPv4 is covered here; ip6tables needs its own rule set.

# FIN+URG+PSH set with every other flag clear (the classic Xmas probe)
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# stop Xmas Tree type scanning: all six flags set, or every flag except PSH
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# stop null scanning: no flags set at all
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
# SYN/RST set together (the mask examines only these two flags)
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN/FIN set together (the mask examines only these two flags)
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# stop SYN flood: new TCP connections are passed through the SYNFLOOD chain
# NOTE(review): -N fails if SYNFLOOD already exists, and the -A lines below
# then append duplicate rules, so flush and delete the chain before re-running.
/sbin/iptables -N SYNFLOOD
# SYN packets within the rate limit return to INPUT for normal processing.
# NOTE(review): the limit match keeps one shared counter, not one per source,
# so 1/s (default burst 5) caps new connections for the whole host. A flood
# uses up the budget and legitimate clients are refused as well; a per-source
# limit (-m hashlimit) sized to the expected load is the usual alternative.
/sbin/iptables -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN
# Everything else reaching the chain (over-limit SYNs, and presumably any
# non-SYN packet conntrack classifies as NEW) is answered with a TCP RST.
# NOTE(review): replying to a flood with RSTs generates outbound traffic
# toward possibly spoofed sources; -j DROP is the quieter choice.
/sbin/iptables -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
# NOTE(review): unlike the rules above this one has no -i eth0, so loopback
# and every other interface are throttled too; confirm that is intended.
# Current iptables releases prefer -m conntrack --ctstate NEW over -m state.
/sbin/iptables -A INPUT -p tcp -m state --state NEW -j SYNFLOOD