haproxy-wi/app/scripts/syn_flood_protect.sh

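#!/bin/bash
#
# Toggle the kernel SYN-flood hardening profile (syn_flood_protect.sh).
#
# Usage: syn_flood_protect.sh enable|disable
#
#   enable   Persist the profile in /etc/sysctl.conf and apply it to the
#            running kernel. If the profile is already present with the
#            hardened values, print a notice and exit 1.
#   disable  Relax tcp_max_syn_backlog and tcp_synack_retries to 256 / 5 in
#            both the file and the running kernel. tcp_syncookies and
#            rp_filter are left switched on.
#
# Exit status: 0 on success, 1 on "already enabled" or any failed step,
# 2 on an unrecognised action.
#
# Operational caveats:
#   - net.ipv4.conf.all.rp_filter = 1 is strict reverse-path filtering; on
#     multihomed hosts or hosts with asymmetric routing it can drop
#     legitimate traffic. Confirm the routing layout before enabling.
#   - 256 and 5 are the values this script treats as "protection off".
#     NOTE(review): they may differ from the distribution's own defaults;
#     verify before relying on "disable" to restore the previous state.

set -u

readonly SYSCTL_CONF=/etc/sysctl.conf

# Print a diagnostic on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeed when SYSCTL_CONF holds an active (uncommented) line matching the
# extended regex in $1. Anchoring keeps "# key = 1" comments and longer
# values such as "= 10240" from being mistaken for the setting.
conf_has() {
  sudo grep -qE "^${1}[[:space:]]*\$" "$SYSCTL_CONF"
}

# Apply every key=value argument to the running kernel, stopping at the
# first failure so file and runtime state do not silently diverge.
apply_runtime() {
  local setting
  for setting in "$@"; do
    sudo sysctl -w "$setting" || die "failed to apply ${setting}"
  done
}

# Persist the hardened profile and load it into the running kernel.
enable_protection() {
  if conf_has 'net\.ipv4\.tcp_syncookies = 1'; then
    if ! conf_has 'net\.ipv4\.tcp_max_syn_backlog = 256'; then
      # Message text is kept verbatim: a caller may match on it.
      echo "SYN flood protectd allready enabled"
      exit 1
    fi
    # The profile was relaxed by "disable", which leaves the syncookies
    # line in place. Put the hardened values back instead of reporting
    # "already enabled" while the relaxed values are still in effect.
    # If the file has no tcp_synack_retries line, that expression is a
    # no-op and only the runtime value changes.
    sudo sed -i \
      -e 's/^net\.ipv4\.tcp_max_syn_backlog = 256$/net.ipv4.tcp_max_syn_backlog = 1024/' \
      -e 's/^net\.ipv4\.tcp_synack_retries = 5$/net.ipv4.tcp_synack_retries = 3/' \
      "$SYSCTL_CONF" || die "failed to update ${SYSCTL_CONF}"
  else
    # "sudo cmd >> file" opens the file in the unprivileged calling shell,
    # so the append is done by tee running under sudo. The profile lists
    # tcp_synack_retries too, so the value applied below survives a reboot
    # and "disable" has a line to rewrite.
    sudo tee -a "$SYSCTL_CONF" >/dev/null <<'EOF' || die "failed to append to ${SYSCTL_CONF}"
# Protection SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 3
EOF
  fi

  apply_runtime \
    net.ipv4.tcp_syncookies=1 \
    net.ipv4.conf.all.rp_filter=1 \
    net.ipv4.tcp_max_syn_backlog=1024 \
    net.ipv4.tcp_synack_retries=3
}

# Relax the backlog and SYN-ACK retry settings in the file and at runtime.
disable_protection() {
  # Anchored patterns: an unanchored "= 1024" would also rewrite "= 10240".
  sudo sed -i \
    -e 's/^net\.ipv4\.tcp_max_syn_backlog = 1024$/net.ipv4.tcp_max_syn_backlog = 256/' \
    -e 's/^net\.ipv4\.tcp_synack_retries = 3$/net.ipv4.tcp_synack_retries = 5/' \
    "$SYSCTL_CONF" || die "failed to update ${SYSCTL_CONF}"

  apply_runtime \
    net.ipv4.tcp_max_syn_backlog=256 \
    net.ipv4.tcp_synack_retries=5
}

case "${1:-}" in
  enable)
    enable_protection
    ;;
  disable)
    disable_protection
    ;;
  *)
    # Fail closed: a mistyped action must not look like a successful change.
    printf 'Usage: %s enable|disable\n' "${0##*/}" >&2
    exit 2
    ;;
esac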