Jeremy,
I can confirm that SYNcookies are NOT part of the firewall mechanism of the kernel.
The CONFIG_NETFILTER option in Linux 2.6 is the toggle for Linux packet filtering support called 'netfilter' (iptables). There are many sub-choices/options for netfilter.
CONFIG_SYN_COOKIES, however, is a different choice that allows you to enable/disable compiling support for SYNcookies SYN-flood defense.
Please also note that you generally cannot properly 'firewall out' a typical spoofed-source SYN flood without preventing legitimate access to your server.
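
To check the two options independently on a given kernel, here is an added example (not part of the original message). It reads a kernel `.config` and reports CONFIG_NETFILTER and CONFIG_SYN_COOKIES separately. The function names are hypothetical, and the runtime switch `/proc/sys/net/ipv4/tcp_syncookies`, which the message does not mention, is assumed as the place where compiled-in SYN cookies are turned on or off.

```shell
#!/bin/sh
# Added example: netfilter and SYN cookies are separate kernel options,
# so each is checked on its own. Function names are hypothetical.

# kconfig_state FILE OPTION
# Prints the option's value (y or m), "n" if the config says
# "# OPTION is not set", or "absent" if the option is not mentioned.
kconfig_state() {
    awk -v opt="$2" '
        $0 ~ ("^" opt "=")             { sub("^" opt "=", ""); state = $0 }
        $0 == ("# " opt " is not set") { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# syncookie_status CONFIG_FILE [SYSCTL_FILE]
# Combines compile-time support with the runtime switch (assumption: the
# switch is net.ipv4.tcp_syncookies, where 0 means disabled).
syncookie_status() {
    sysctl_file=${2:-/proc/sys/net/ipv4/tcp_syncookies}
    if [ "$(kconfig_state "$1" CONFIG_SYN_COOKIES)" != "y" ]; then
        echo "not-compiled"
        return 0
    fi
    if [ -r "$sysctl_file" ] && [ "$(cat "$sysctl_file")" != "0" ]; then
        echo "enabled"
    else
        echo "compiled-but-disabled"
    fi
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: a kernel built without netfilter but with SYN cookies.
    printf '%s\n' '# CONFIG_NETFILTER is not set' 'CONFIG_SYN_COOKIES=y' > "$d/config"
    echo 1 > "$d/tcp_syncookies"
    echo "netfilter:  $(kconfig_state "$d/config" CONFIG_NETFILTER)"
    echo "syncookies: $(syncookie_status "$d/config" "$d/tcp_syncookies")"
    rm -rf "$d"
}
demo
```

On a real system, pass the path of the running kernel's config file (its location varies by distribution) as the first argument and omit the second.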