Решил потестить фаервол сервера hping-ом, с машины на хорошем канале:
hping3 -i u1 -S -p test.ru
sysctl -p на test.ru:
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.conf.all.forwarding = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30
iptables (кусок который может быть полезен)
# Invalid packed
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
# SYN flood
$IPTABLES -N thyl-syn-flood
$IPTABLES -A INPUT -p tcp --syn -j thyl-syn-flood
$IPTABLES -A thyl-syn-flood -m limit --limit 2/s --limit-burst 6 -m comment --comment "Limit TCP SYN rate" -j RETURN
$IPTABLES -A thyl-syn-flood -m recent --name blacklist_180 --set -m comment --comment "Blacklist source IP" -j DROP
$IPTABLES -A INPUT -p tcp --syn -m limit --limit 5/s -i eth0 -j ACCEPT
# UDP
$IPTABLES -A INPUT -i eth0 -p UDP -f -j DROP
$IPTABLES -A INPUT -i eth0 -p UDP --dport 7 -j DROP
$IPTABLES -A INPUT -i eth0 -p UDP --dport 19 -j DROP
$IPTABLES -A INPUT -i eth0 -p UDP --dport 135:139 -j DROP
$IPTABLES -A INPUT -i eth0 -p TCP --dport 135:139 -j DROP
$IPTABLES -A INPUT -i eth0 -p UDP -m pkttype --pkt-type broadcast -j DROP
$IPTABLES -A INPUT -i eth0 -p UDP -m limit --limit 3/s -j ACCEPT