From a52da9d09e2a2bbad69bb655e7844fe7ace2a6d0 Mon Sep 17 00:00:00 2001
From: sushen339
Date: Mon, 17 Nov 2025 17:32:55 +0800
Subject: [PATCH] sync
---
 nft.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nft.sh b/nft.sh
index 41a1081..8950ac8 100644
--- a/nft.sh
+++ b/nft.sh
@@ -81,9 +81,9 @@ table inet security_firewall {
  ip saddr @blackhole_v4 drop
  ip6 saddr @blackhole_v6 drop
- # 3. SYN flood 防护 (阈值 500/s, 突发 200)
+ # 3. SYN flood 防护 (阈值 500/s, 突发 500)
  # 保护系统内存,防止大规模 SYN 攻击导致死机
- tcp flags syn limit rate over 500/second burst 200 packets drop
+ tcp flags syn limit rate over 500/second burst 500 packets drop
  # 4. ICMP/Ping 限速 (阈值 50/s, 突发 50)
  ip protocol icmp limit rate over 50/second burst 50 packets drop
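Review bot: The changed rule `tcp flags syn limit rate over 500/second burst 500 packets drop` is still one limit shared by all sources, so raising the burst to 500 only delays the point at which a flood from a single host makes the rule drop legitimate new connections along with the excess traffic. A per-source limit (a dynamic set or meter keyed on `ip saddr` / `ip6 saddr`) would keep one sender from consuming the budget for everyone. Separately, `tcp flags syn` matches any segment with the SYN bit set, SYN-ACK replies to this host's outbound connections included; unless an earlier rule outside this hunk already accepts established traffic, `tcp flags & (fin|syn|rst|ack) == syn limit rate over 500/second burst 500 packets drop` would restrict the count to initial SYNs. The chain starts and continues outside the hunk, so rule order could not be checked here.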