The TCP SYN flood limits in the firewall are set to 25 and a burst of 50, which is what they were set to back in the 20Mbit/5Mbit up/download days 8+ years ago. I'd argue that nowadays, with typical download speeds 5x that, this is too low, particularly in busier-than-home environments.
Recently I did a set of tests in coffee shops and saw that 30% of my SYN attempts were retried. There could have been a variety of reasons for that, but...
It would be interesting for more folk to take a look at their busier environments and see how often this chain is hit:
iptables -nvL | grep -A 4 "Chain syn_flood"
As for what to do about it - not a clue - turn it off by default? Scale it as part of an sqm system?
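To make the "how often is this chain hit" check above easier to read, here is an added example (not part of the original post) that parses `iptables -nvL` output, pulls the RETURN and DROP packet counters out of the syn_flood chain, and reports what share of SYNs the limiter dropped. The sample output embedded below is constructed to show the expected format; on a live router pipe the real command in instead.

```sh
#!/bin/sh
# Summarise the syn_flood chain from `iptables -nvL` output on stdin.
# Prints: "<returned> <dropped> <drop_pct>".
# Live use:  iptables -nvL | syn_flood_stats
# Note: -v abbreviates large counters (12K, 3M); num() expands those,
# or use `iptables -nvxL` for exact values.
syn_flood_stats() {
    awk '
        function num(s) {
            if (s ~ /K$/) return substr(s, 1, length(s) - 1) * 1000
            if (s ~ /M$/) return substr(s, 1, length(s) - 1) * 1000000
            if (s ~ /G$/) return substr(s, 1, length(s) - 1) * 1000000000
            return s + 0
        }
        /^Chain syn_flood/ { in_chain = 1; next }   # start of the chain we want
        /^Chain /          { in_chain = 0 }         # any other chain ends it
        in_chain && $3 == "RETURN" { returned += num($1) }  # passed the limit
        in_chain && $3 == "DROP"   { dropped  += num($1) }  # exceeded the limit
        END {
            total = returned + dropped
            pct = (total > 0) ? int(100 * dropped / total) : 0
            printf "%d %d %d\n", returned, dropped, pct
        }'
}

# Constructed sample of `iptables -nvL` output (not captured from a real box).
SAMPLE='Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
  950 57000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 25/sec burst 50
   50  3000 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
  123  7380 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Run against the sample; expect "950 50 5" (5% of SYNs dropped by the limiter).
printf '%s\n' "$SAMPLE" | syn_flood_stats
```

A non-zero drop percentage on a normal day means the 25/sec limit is being hit by legitimate traffic, which is the symptom described above.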