/etc/firehol/firehol.conf
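# SYNPROXY
#
# FireHOL configuration: SYN-proxy the trap ports on the public
# addresses and hand the traffic to a custom action that records
# sources opening too many new connections, then applies TRAP_ACTION.
# NOTE(review): FireHOL's exact semantics for `iptrap`, `next` and the
# `in,pass` synproxy mode are not shown on this page; the comments
# below describe the visible rule structure, not verified behaviour.

# Destination ports on PUBLIC_IPS whose SYNs are proxied and trapped.
TRAP_PORTS="25 80"
# Lifetime (seconds) of entries in the `sockets` and `suspects` sets.
SUSPECTS_TIMEOUT=3600
# Lifetime (seconds) of entries in the `trap` set.
TRAP_TIMEOUT=86400
# A source whose `suspects` counter exceeds this is added to `trap`
# (see the `packets-above` match below).
VALID_CONNECTION_COUNT=2
# Terminal action of the custom chain; also used as its name suffix.
TRAP_ACTION="DROP"

# NOTE(review): in the original listing this line was joined onto the
# TRAP_ACTION assignment, which would have set TRAP_ACTION to "DROPipv4"
# and produced an unknown action name. It appears to be a standalone
# example that proxies the same ports without the trap chain — confirm
# it belongs in the same configuration as the synproxy4 rule below.
ipv4 synproxy input inface "${wan}" dst "${PUBLIC_IPS}" dport "${TRAP_PORTS}" accept

# Custom action chain, read top-down (the rules are separated by `next`):
#   1. iptrap sockets  - record the (src ip, dst port, dst ip) tuple of
#      every NEW-state packet whose source is not in the `whitelist`
#      ipset. `whitelist` is referenced but not defined on this page;
#      it must exist before this configuration is loaded.
#   2. iptrap suspects - record the source when its `sockets` entry
#      counts exactly 1 packet, presumably the first time that socket
#      is seen.
#   3. iptrap trap     - record the source when its `suspects` entry
#      counts more than VALID_CONNECTION_COUNT packets.
#   4. action TRAP_ACTION.
# Every step logs; under a SYN flood the log volume is bounded only by
# FireHOL's global log rate limiting — confirm it is enabled.
action4 SYN_TRAP_AND_${TRAP_ACTION} \
iptrap sockets src,dst,dst ${SUSPECTS_TIMEOUT} \
method hash:ip,port,ip counters \
state NEW log "SYN TRAP AND ${TRAP_ACTION} NEW SOCKET" \
src not ipset:whitelist \
next iptrap suspects src ${SUSPECTS_TIMEOUT} counters \
state NEW log "SYN TRAP AND ${TRAP_ACTION} NEW SUSPECT" \
ipset sockets src,dst,dst no-counters packets 1 \
next iptrap trap src ${TRAP_TIMEOUT} \
state NEW log "SYN TRAP AND ${TRAP_ACTION} TRAPPED" \
ipset suspects src no-counters packets-above ${VALID_CONNECTION_COUNT} \
next action ${TRAP_ACTION}

# Proxy inbound SYNs to the trap ports on the public addresses and send
# the resulting traffic through the custom action defined above.
# `wan` and `PUBLIC_IPS` are expected from earlier in the file.
synproxy4 in,pass \
inface "${wan}" dst "${PUBLIC_IPS}" \
dport "${TRAP_PORTS}" action SYN_TRAP_AND_${TRAP_ACTION}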
