switch OFF syn cookies

Posted by Nick on Server Fault See other posts from Server Fault or by Nick
Published on 2012-10-12T09:19:01Z Indexed on 2012/10/12 9:39 UTC
Read the original article Hit count: 215

Filed under:
|
|

We have several servers they have public IP's, but work together (one is with Load Balancer, orther with Apache Web server, other with MySQL and so on.

Most of the ports are fire-walled, so only "local" servers can be connect there. However ALL servers have some ports that must be publicly open.

We have SYN Cookies enabled and from time to time we got:

possible SYN flooding on port 8080. Sending cookies.

Port 8080 is not public. How we can switch OFF SYN Cookies for some ports (e.g. 8080, 3306 etc) or from some sources (e.g. our servers),

but in same time SYN Cookies to be switched ON for all other ports, e.g. port 80.

We found this similar problem, except our servers are with public IP's: SYN cookies on internal machines

© Server Fault or respective owner

Related posts about iptables

Related posts about ip