Date: Tue, 3 Sep 2019 14:23:56 +0200 (CEST)
From: Mikael Abrahamsson
To: Dave Taht
cc: bloat, cerowrt-devel
Subject: Re: [Cerowrt-devel] [Bloat] talking at linux plumbers in portugal next week
List-Id: Development issues regarding the cerowrt test router project

On Mon, 2 Sep 2019, Dave Taht wrote:

> with copy-pasted parameters set in the 90s - openwrt's default, last I
> looked, was 25/sec.

-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP

Well, it's got a burst-size of 50.
I agree that this is quite conservative. However, at least in my home we're not seeing drops:

# iptables -nvL | grep -A 4 "Chain syn_flood"
Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2296  113K RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */

But you might be right that in places with a lot more clients then this might indeed cause problems.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
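As an added illustration of what the syn_flood rule discussed above actually does (this is not code from the message, from OpenWrt or from fw3), the following Python models the `-m limit --limit 25/sec --limit-burst 50` match as a token bucket and shows which SYN arrival patterns reach the DROP rule: a steady 20 SYN/s stream never drops, a flurry of 100 simultaneous SYNs loses everything past the 50-packet burst allowance, and a sustained 40 SYN/s stream drops roughly 3 of every 8 packets once the allowance is spent. The token-bucket semantics (bucket starts full at `burst`, refills at `rate` tokens per second, one token per accepted packet) are an assumption about how the kernel's limit match behaves, not something the message states. The second function parses the `iptables -nvL` counters quoted in the message so the DROP count can be checked the way Mikael did; the sample listing is constructed from those quoted lines.

```python
"""Model of the `-m limit --limit 25/sec --limit-burst 50` rule in OpenWrt's
syn_flood chain (added example; not OpenWrt, fw3 or netfilter code).

ASSUMPTION: the limit match behaves like a token bucket that starts full
with `burst` tokens, refills at `rate` tokens per second and lets a packet
through (RETURN) only when a whole token is available; a packet that finds
the bucket empty falls through to the DROP rule.
"""
from typing import Iterable


def simulate_limit(arrival_times: Iterable[float], rate: float = 25.0,
                   burst: int = 50) -> tuple:
    """Return (accepted, dropped) for SYNs arriving at the given times (seconds)."""
    tokens = float(burst)  # bucket starts full, so the first `burst` SYNs pass
    last = None
    accepted = dropped = 0
    for t in sorted(arrival_times):
        if last is not None:
            # refill proportional to elapsed time, never above the burst size
            tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


def steady_stream(pps: float, seconds: float) -> list:
    """Arrival times for a constant stream of `pps` SYNs per second."""
    return [i / pps for i in range(int(pps * seconds))]


_SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}


def _counter(field: str) -> int:
    """Parse an `iptables -nvL` counter such as '2296' or '113K'."""
    if field[-1] in _SUFFIX:
        return int(field[:-1]) * _SUFFIX[field[-1]]
    return int(field)


def chain_packet_counters(listing: str, chain: str) -> dict:
    """Map each target in `chain` to its pkts counter from `iptables -nvL` output."""
    counters = {}
    in_chain = False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        if not in_chain or not line.strip() or line.lstrip().startswith("pkts"):
            continue
        pkts, _bytes, target = line.split()[:3]
        counters[target] = counters.get(target, 0) + _counter(pkts)
    return counters


# Constructed sample, taken from the counters quoted in the message above.
SAMPLE_LISTING = """\
Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2296  113K RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 25/sec burst 50 /* !fw3 */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* !fw3 */
"""


if __name__ == "__main__":
    print("20 SYN/s for 10 s:", simulate_limit(steady_stream(20, 10)))
    print("100 SYNs at once: ", simulate_limit([0.0] * 100))
    print("40 SYN/s for 10 s:", simulate_limit(steady_stream(40, 10)))
    print("chain counters:   ", chain_packet_counters(SAMPLE_LISTING, "syn_flood"))
```

The point of the model is the one the thread is circling: the burst of 50 absorbs a short flurry of connection attempts, so a home network with a handful of clients rarely touches the DROP rule, whereas a site whose aggregate new-connection rate sits above 25 SYN/s for more than a couple of seconds will see the DROP counter climb and legitimate connections fail. Running `chain_packet_counters` over real `iptables -nvL` output gives the same check Mikael performed by hand.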