I’ve installed OpenWrt 18.06.0 on my Linksys E4200v2 and find it great.
I have noticed a rather large amount of syn_flood packets and this is ever increasing. The router has been up 9 days.
I have a pretty standard firewall. Are there any tips folks have to try to prevent flood attacks? Perhaps I need to disable ping replies on my external interface?
tcpdump (-mini is likely sufficient) filtering on those same flags and capture to a file would be how I'd approach it. You can either do it on the router, or from the ssh session on another machine.
You might be able to modify your firewall rules to log the packets' header information. At least for me, tcpdump is easier and doesn't change the device under test's configuration that is significant (usually).
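The capture-and-inspect approach suggested above, as an added example that is not part of the original posts: it captures bare SYN packets to a file and tallies them by source address and destination port. The WAN interface name `eth1`, the capture path and the function names are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. WAN_IF, PCAP and all function names are assumptions.
WAN_IF="${WAN_IF:-eth1}"          # assumed WAN interface; check yours with `ip link`
PCAP="${PCAP:-/tmp/syn.pcap}"     # /tmp is RAM on OpenWrt, so keep captures bounded

# SYN set and ACK clear: new inbound connection attempts only, no SYN-ACK replies.
SYN_FILTER='tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'

# Capture a bounded number of SYNs to a file (default 2000 packets).
capture_syns() {
    tcpdump -nn -i "$WAN_IF" -c "${1:-2000}" -w "$PCAP" "$SYN_FILTER"
}

# Read `tcpdump -nn` text on stdin; print "count src_ip dst_port", busiest first.
# Typical use after a capture: tcpdump -nn -r "$PCAP" | summarize_syns
summarize_syns() {
    awk '($2 == "IP" || $2 == "IP6") && /Flags \[S[^.]*\]/ {
        src = $3; sub(/\.[0-9]+$/, "", src)      # strip source port
        dst = $5; sub(/:$/, "", dst)             # strip trailing colon
        n = split(dst, part, ".")                # last element is the dst port
        count[src " " part[n]]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample of `tcpdump -nn` output (documentation address ranges).
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 203.0.113.5.40001 > 198.51.100.7.22: Flags [S], seq 1, win 1024, length 0
10:00:00.100001 IP 203.0.113.5.40002 > 198.51.100.7.22: Flags [S], seq 2, win 1024, length 0
10:00:00.200001 IP 203.0.113.5.40003 > 198.51.100.7.22: Flags [S], seq 3, win 1024, length 0
10:00:01.000001 IP 192.0.2.44.51000 > 198.51.100.7.443: Flags [S], seq 4, win 64240, length 0
10:00:01.500001 IP 198.51.100.7.443 > 192.0.2.44.51000: Flags [S.], seq 5, ack 5, win 65535, length 0
EOF
}

# Demo on the constructed sample; the SYN-ACK line is ignored.
sample_capture | summarize_syns
```

A few sources repeatedly hitting ports such as 22 or 23 looks like ordinary background scanning; a large number of distinct sources aimed at one port in a short window is the pattern worth a closer look.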
I agree with @jeff, I'd check into where they are coming from.
I block this and only permit services that must ping me (e.g. HE.net's Tunnelbroker service). Many people I've mentioned this to in various forums always note that it doesn't "prevent" anything. I can identify 2 things:
Most scanners only using ICMP Request will not see your router
You cannot be DDoSed (i.e. your CPU running out of resources to route and NAT) with a ping of death
Also, I change all the default REJECT (sends ICMP-Unreachable) rules to DROP (silent). This prevents scanning for REJECTs sent from the router's firewall. It also prevents the creation of rejects, which can break traceroute in some configurations.
Thanks for the tips everyone. I did a quick tcpdump using some of these commands and I see nothing unusual, so I think perhaps I have nothing to worry about here.