I am not aware of any features within Astaro that watches for SYN flood attacks. If the services are allowed in the rulebase, the server can be SYN flooded on those TCP ports.
It may be possible to hack this into the OS somehow, but I've never done anything like that, so I wouldn't know where to tell you to look.
I can't get an ssh session to mine at the moment (not ASL fault), but check /proc/sys/net/ipv4/tcp_syncookies (I think). 'cat' the file, and see what the contents is. If it's a '1' then you have syncookies enabled, and this will really help. Whilst not making you bomb proof, it goes a *really* long way to helping.
Basically, (for those that don't know) a SYN flood works on a normal system by keep sending SYNs, the first part of the tcp 3 way handshake. The server replies as normal with SYN+ACK, but the client doesn't ACK the SYN+ACK. It just keeps sending SYNs. Eventually, the server can run out, and DoS is acheived. Syncookies help, because when the server sends the SYN+ACK, it adds an encoded "cookie" to the packet, and then closes the socket, instead of keeping it open. If the client sends an ACK to the SYN+ACK, the server opens the "reserved" socket for the now established tcp flow/connection.
