SYN proxy is a firewall technique for protecting against SYN flooding. It performs well under low attack rates, but degrades under heavy load. This paper introduces a novel approach based on SYN proxy, explains its design, and evaluates its performance. In this approach, a hash table is used to save half-connection states under light load, and SYN cookies are used under heavy load. A bitmap is introduced into the buckets of the hash table, which speeds up lookup under SYN flooding. The bucket length of the hash table is limited to a predefined value, which prevents performance degradation. A firewall implementing our proposal was tested, and the results show that good performance is achieved.
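The hybrid scheme summarized above can be sketched as follows; this is an added example, not the paper's code. The abstract does not give the bitmap layout, table size or bucket limit, so the 64-bit per-bucket bitmap indexed by a second hash, `NBUCKETS`, `BUCKET_MAX`, `mix()` and the function names are all assumptions made for illustration.

```c
#include <stdint.h>

#define NBUCKETS   256  /* assumed table size */
#define BUCKET_MAX 4    /* assumed bucket length limit */
enum verdict { STORED_IN_TABLE, USE_SYN_COOKIE };
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; };
struct bucket {
    uint64_t bitmap;               /* bit t set: an entry tagged t is stored here */
    uint8_t used, tag[BUCKET_MAX];
    struct flow e[BUCKET_MAX];
};
static struct bucket table[NBUCKETS];

/* Constructed mixer standing in for a keyed hash of the 4-tuple. */
static uint32_t mix(const struct flow *f, uint32_t seed) {
    uint32_t h = (seed ^ f->saddr) * 0x9E3779B1u;
    h = (h ^ f->daddr) * 0x85EBCA6Bu;
    h = (h ^ ((uint32_t)f->sport << 16 | f->dport)) * 0xC2B2AE35u;
    return h ^ (h >> 15);
}
/* Index of f in bucket b, or -1; a clear bitmap bit answers without a scan. */
static int find(const struct bucket *b, const struct flow *f, uint8_t tag) {
    if (!(b->bitmap >> tag & 1)) return -1;
    for (int i = 0; i < b->used; i++)
        if (b->tag[i] == tag && b->e[i].saddr == f->saddr && b->e[i].sport == f->sport
            && b->e[i].daddr == f->daddr && b->e[i].dport == f->dport) return i;
    return -1;
}
/* SYN: keep state while the bucket has room, otherwise answer statelessly. */
enum verdict on_syn(const struct flow *f) {
    struct bucket *b = &table[mix(f, 1) % NBUCKETS];
    uint8_t tag = mix(f, 2) & 63;
    if (find(b, f, tag) >= 0) return STORED_IN_TABLE;  /* retransmitted SYN */
    if (b->used == BUCKET_MAX) return USE_SYN_COOKIE;  /* bucket length limit */
    b->e[b->used] = *f; b->tag[b->used++] = tag;
    b->bitmap |= 1ULL << tag;
    return STORED_IN_TABLE;
}
/* ACK: 1 = half-connection found and removed; 0 = validate it as a SYN cookie. */
int on_ack(const struct flow *f) {
    struct bucket *b = &table[mix(f, 1) % NBUCKETS];
    int i = find(b, f, mix(f, 2) & 63);
    if (i < 0) return 0;
    b->used--; b->e[i] = b->e[b->used]; b->tag[i] = b->tag[b->used];
    b->bitmap = 0;                   /* rebuild: two entries may share a tag */
    for (int j = 0; j < b->used; j++) b->bitmap |= 1ULL << b->tag[j];
    return 1;
}
```

Because no bucket ever holds more than `BUCKET_MAX` entries, the per-packet lookup cost stays bounded during a flood, and every SYN that cannot be stored costs the firewall no memory at all.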