/etc insider

since 1999 (and still editing)

Is there synproxy for CentOS 6 kernel?

| Comments

I’m not sure but I think I heard about the concept of “SYN proxy” from OpenBSD’ pf originally. As you can notice there’s recommendation to use it carefully and the main purpose is SYN-flood DDoS mitigation. Well, when it comes to Linux it looks like only CentOS 7 with its 3.10 based kernel has SYNPROXY target built-in, meanwhile CentOS 6 based on 2.6.32 kernel version lacks of it. OTOH, from sources it doesn’t look like backport would be too complex to accomplish.

There’s also an LWN article on SYNPROXY target