实现自动SYN Flood防护

pkg/serverconfigs/firewallconfigs/http_firewall_policy.go

@@ -13,6 +13,7 @@ type HTTPFirewallPolicy struct {
 	BlockOptions     *HTTPFirewallBlockAction    `yaml:"blockOptions" json:"blockOptions"`
 	Mode             FirewallMode                `yaml:"mode" json:"mode"`
 	UseLocalFirewall bool                        `yaml:"useLocalFirewall" json:"useLocalFirewall"`
+	SYNFlood         *SYNFloodConfig             `yaml:"synFlood" json:"synFlood"`
 }
 
 // Init 初始化
@@ -23,6 +24,7 @@ func (this *HTTPFirewallPolicy) Init() error {
 			return err
 		}
 	}
+
 	if this.Outbound != nil {
 		err := this.Outbound.Init()
 		if err != nil {
@@ -30,6 +32,13 @@ func (this *HTTPFirewallPolicy) Init() error {
 		}
 	}
 
+	if this.SYNFlood != nil {
+		err := this.SYNFlood.Init()
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

pkg/serverconfigs/firewallconfigs/syn_flood_config.go

@@ -0,0 +1,15 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package firewallconfigs
+
+// SYNFloodConfig Syn flood防护设置
+type SYNFloodConfig struct {
+	IsOn           bool  `yaml:"isOn" json:"isOn"`
+	MinAttempts    int32 `yaml:"minAttempts" json:"minAttempts"`       // 最小尝试次数/分钟
+	TimeoutSeconds int32 `yaml:"timeoutSeconds" json:"timeoutSeconds"` // 拦截超时时间
+	IgnoreLocal    bool  `yaml:"ignoreLocal" json:"ignoreLocal"`       // 忽略本地IP
+}
+
+func (this *SYNFloodConfig) Init() error {
+	return nil
+}