Could be done with linux/tc (traffic control) by controlling the number of SYNs. Exceeding the quota shall block the SYN (but not reset the connection) until the number of SYNs goes below the threshold.
This has now been included (thank you messede degod). 8k SYN burst per container, then 2 SYN/second.
Global limit: 10k SYN burst, and on exhaustion 20 SYN/sec.
prevent mass scanning.
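
An added illustration, not the project's code: a token-bucket model of the limits quoted in this thread (8k burst then 2 SYN/s per container, 10k burst then 20 SYN/s globally). It assumes a SYN passes only when both buckets hold a token and that excess SYNs are dropped silently rather than reset; all class and function names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Bucket:
    burst: float               # capacity: SYNs that may leave back-to-back
    rate: float                # refill in SYN/second once the burst is spent
    last: float = 0.0          # timestamp of the previous refill
    tokens: float = field(init=False)

    def __post_init__(self):
        self.tokens = self.burst

    def refill(self, now):
        # Add tokens for the elapsed time, never exceeding the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now


class SynLimiter:
    """Two-tier limiter: one bucket per container plus one shared global bucket."""

    def __init__(self, per_container=(8000, 2), global_limit=(10000, 20)):
        self.per_container = per_container
        self.global_bucket = Bucket(*global_limit)
        self.containers = {}

    def allow(self, container, now):
        ct = self.containers.setdefault(container, Bucket(*self.per_container))
        ct.refill(now)
        self.global_bucket.refill(now)
        if ct.tokens < 1 or self.global_bucket.tokens < 1:
            return False       # SYN dropped; no RST is sent, the sender retries
        ct.tokens -= 1
        self.global_bucket.tokens -= 1
        return True


def offer(limiter, container, now, count):
    """Offer `count` SYNs at the same instant; return how many get through."""
    return sum(limiter.allow(container, now) for _ in range(count))


if __name__ == "__main__":
    lim = SynLimiter()
    print("ct-a burst:", offer(lim, "ct-a", 0.0, 9000))    # per-container cap
    print("ct-b burst:", offer(lim, "ct-b", 0.0, 9000))    # global cap bites
    print("ct-a after 10s:", offer(lim, "ct-a", 10.0, 100))
```

The second container gets only what is left of the global burst, which is why a global bucket is needed on top of the per-container one to bound scanning spread across many containers.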