Denial-of-service firewall for Linux/netfilter

by Martin Hinner

[ download ] [ feedback ]

What is dosfw?

DOSfw is simple Linux netfilter firewall module which drops denial-of-service attack packets. Current version supports only two attacks and TCP Fingerprint scan, but you may expect other attacks in (hopefully near) future. If you want contribute, do not hesitate to contact me.


This program is available at


You will need Linux kernel with netfilter (I use 2.3.18). Extract downloaded tarball to /usr/src (bzip2 -dc dosfw-x.y.tar.bz2 | tar xvf -). Then run `make all'. The configuration script called from Makefile will ask you which firewall parts would you like to enable. You should always answer [y]es. After successful compile do "insmod dosfw". Now, your kernel will drop all "dangerous" packets.


Test suite is available at

See also

Last updated on 22 October 1999
by Martin Hinner,