My server is currently under a synflood attack. I've enabled synflood protection in CSF with the following settings
SYNFLOOD = On
SYNFLOOD_RATE = 20/s
SYNFLOOD_BURST = 10
It seems to be successfully detecting them, as my log/messages is filled with
... server kernel: [ 944.509361] Firewall: *SYNFLOOD Blocked* IN=eth0 ...
However, those IPs are not getting blocked (added to the deny list). I have to manually add them in order to stop the attack.
How can I make CSF automatically add the IP to the block list once a synflood attack from it is detected?
SYNFLOOD = On
SYNFLOOD_RATE = 20/s
SYNFLOOD_BURST = 10
It seems to be successfully detecting them, as my log/messages is filled with
... server kernel: [ 944.509361] Firewall: *SYNFLOOD Blocked* IN=eth0 ...
However, those IPs are not getting blocked (added to the deny list). I have to manually add them in order to stop the attack.
How can I make CSF automatically add the IP to the block list once a synflood attack from it is detected?