You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
haproxy-wi/app/scripts/syn_flood_protect.sh

27 lines
880 B

#!/bin/bash
if [[ $1 == "enable" ]]; then
if sudo grep -q "net.ipv4.tcp_syncookies = 1" /etc/sysctl.conf; then
5 years ago
echo "SYN flood protect has already enabled"
exit 1
else
sudo bash -c cat <<EOF >> /etc/sysctl.conf
# Protection SYN flood
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 1024
EOF
sudo sysctl -w net.ipv4.tcp_syncookies=1
sudo sysctl -w net.ipv4.conf.all.rp_filter=1
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=1024
sudo sysctl -w net.ipv4.tcp_synack_retries=3
fi
fi
if [[ $1 == "disable" ]]; then
sudo sed -i 's/net.ipv4.tcp_max_syn_backlog = 1024/net.ipv4.tcp_max_syn_backlog = 256/' /etc/sysctl.conf
sudo sed -i 's/net.ipv4.tcp_synack_retries = 3/net.ipv4.tcp_synack_retries = 5/' /etc/sysctl.conf
sudo sysctl -w net.ipv4.tcp_max_syn_backlog=256
sudo sysctl -w net.ipv4.tcp_synack_retries=5
fi