Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are common threats that every publicly accessible web server faces. PORTFLOOD and SYNFLOOD are the two directives in the CSF firewall to prevent DDoS. SYNFLOOD is disabled by default, but if you are expecting an attack you should enable it and set the rules. Follow the instructions below in order to utilize SYNFLOOD properly.
1) Login to your WHM interface.
2) Select Plugins (Home >> Plugins).
3) Select the icon ‘ConfigServer Security & Firewall’.
4) Click on the option ‘Firewall configuration’.
5) Change the SYNFLOOD settings like,
SYNFLOOD = “1″
SYNFLOOD_RATE = “30/s”
SYNFLOOD_BURST = “10"
SYNFLOOD_RATE: Number of SYN packets to accept per IP, per second.
SYNFLOOD_BURST: Number of times the IP can hit the rate limit before being blocked in the firewall.
6) To enable PORTFLOOD settings, change the settings as like the below:
UDPFLOOD = “1″
7) Restart CSF.