[enhancement]: SYN Flood attack protection

[mdecimus]

Which feature or improvement would you like to request?

Automatic defense against SYN flood attacks without needing a firewall.

Is your feature request related to a problem?

I'm having a problem with...

Code of Conduct

• I agree to follow this project's Code of Conduct

[lukaslihotzki]

SYN Flood protection is done by the kernel without explicit firewall. Just make sure the sysctl net.ipv4.tcp_syncookies is set to 1. The kernel only passes an incoming TCP connection to user space after the 3-way handshake completed, in which case the connection does not originate from a SYN Flood. Therefore, I don't see what stalwart could possibly implement. Some non-TCP listeners could implement flood protection in userspace, but then it wouldn't be called SYN flooding. Also, stalwart seems to listen on TCP only.

[mdecimus]

Probably the name is incorrect. The goal of this feature is to block hosts that repeatedly open connections and do not issue any commands within a configured time period.

[jheiss]

You'll want to be careful as that's pretty commonly what load balancer health checks do. But otherwise that seems like a potentially useful feature.