Hallo @gc1903
Welcome to the IPFire community.
I looked through this thread and used the sequence I identified in this post
https://community.ipfire.org/t/syn-flood-protection-activates-automatically/13295/27
to confirm that the problem is still present.
What is clear is that none of the posters that have had this problem have ever raised a bug on this, so it has dropped off anyone’s radar.
I will raise one now, so that it doesn’t get forgotten again, rather than wait for someone else to raise it.
As no bug has been raised on this then no one has worked on it, so the cause is not definitely known, although there were some inklings in other posts in this thread, but nothing has been confirmed.
Have you set the SYN Flood protection on some of the rules deliberately?
It looks like if you set SYN Flood on for a new rule being created not at the end of the list then the SYN Flood gets assigned to the rule at the end of the rule list.
If you take an existing rule that was created without SYN Flood protection and edit it to add SYN Flood protection then that is assigned to the rule that you edit.
I have confirmed this just now in my vm testbed system.
Looking back through this thread, I think the best way to approach it is to edit all rules that have the SYN Flood enabled to disable it, and only after all rules have been edited, including the last one in the list, then press the button labelled Apply Changes.
You should then have a rules list none of which have the SYN Flood protection enabled.
Then edit the ones that you want SYN Flood protection on to enable it.
This sequence seems to have worked for my setup with 9 rules defined.
If you ever require a completely new rule defined with SYN Flood protection enabled and you intend to place it within the existing sequence of rules (i.e. not at the end), then first define that rule without SYN Flood protection enabled, save it and Apply Changes, and then go back and edit that rule to enable the SYN Flood protection.
As you are mentioning Green to Red forwarding rules, is it correct for me to presume that you have set the Forward and Outgoing Default Firewall Behaviour to Blocked instead of Allowed?
I don’t have that set up on my vm testbed so I will only be able to test out the Port Forward rules for Red to Green.
Trying to set up the Default mode to Blocked will take a lot of time to get a working system, as I will need to define firewall rules for everything that needs to access the outside internet.