The intensity and efficiency are two centrally technical indicator of the firewall. The function of state checking of network's fire wall is to check the coming data pack, to judge if those connected entities are accordant with the rule of TCP/IP exchange. Attacks of DoS/DDoS send large numbers of short data packs to firewall in a short time. Those attacks may make firewall's iptables overflow and refuse new connection. The traditional solutions often increase the burden of the firewall. This paper puts a new temporary way to solution this problem in emergent state.