中文摘要：

分析了当前防御SYN Flood攻击防火墙常用的3种防护方式（SYN网关、被动式SYN网关和SYN中继），针对这3种保护方式防御性能的优缺点，提出了一种防御SYN Flood攻击的改进算法，并具体构建了一种新型的防御SYN Flood攻击模块，再配合Linux已有的防火墙工具iptables，使针对SYN Flood攻击的防御效果得到了进一步的改善和优化。最后，试验仿真测试结果表明，通过加载本防御模块，使系统增强了防御SYN Flood攻击的性能，可极大的提高网络的安全性。

英文摘要：

Analyzing three ftrewall protection way （SYN Gateway, passive SYN Gateway and SYN relay） often used at present for defense SYN Flood attack, the improvement algorithm of defense SYN Flood attack is put forward aiming at advantages and disadvantages of defense performance of three firewall protection way and the new defense SYN Flood attack module is designed, the defense effect of SYN Flood attack has further improvement and optimization by combining the existing Linux firewall tools-iptables. Experimental simulation test data shows, the performance of defence SYN Flood attack is enhanced and network security is greatly improved.