#Ping洪水攻擊(Ping of Death)
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#防止同步包洪水(Sync Flood)
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#防止各種端口掃描
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT