The invention relates to a method for preventing TCP SYN flood attacks
and belongs to the field of computer network security. First, the
firewall receives a TCP SYN connection request packet from a client and,
acting as a proxy for the server, responds to the client with an
acknowledgement of that request that advertises a zero window size. The
firewall then records information about the TCP SYN connection request
packet and checks whether the connection request is legitimate. When the
firewall receives the TCP SYN response packet from the server, it returns
an acknowledgement of that response packet. At the same time, the
firewall, acting as a proxy for the server, sends the client an
acknowledgement packet with a nonzero window size so that the client
begins transmitting data. After that, data packets between the client and
the server are forwarded by the firewall acting as a proxy. With this
method, protected servers in a computer network are guaranteed not to be
brought down by a TCP SYN flood attack.
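
The sequence above can be modelled as a small state machine. This is an
added example, not code from the patent. It assumes that a request counts
as legitimate once the client acknowledges the zero-window SYN-ACK, that the
firewall opens the server-side connection only after that check, and that
half-open entries expire after a timeout; the class names, state names and
addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str        # "client", "server" or "fw" (the firewall)
    dst: str
    flags: str      # "SYN", "SYN-ACK", "ACK" or "DATA"
    conn: tuple     # (client address, client port), constructed sample values
    win: int = 0    # advertised TCP window size

class SynProxy:
    def __init__(self, window=8192, timeout=3.0):
        self.window, self.timeout = window, timeout
        self.table = {}                       # conn -> (state, time recorded)

    def handle(self, p, now):
        """Return the packets the firewall emits in response to p."""
        state = self.table.get(p.conn, (None, 0.0))[0]
        if p.src == "client" and p.flags == "SYN" and state in (None, "HALF_OPEN"):
            self.table[p.conn] = ("HALF_OPEN", now)      # record the request
            return [Pkt("fw", "client", "SYN-ACK", p.conn, win=0)]  # zero window
        if p.src == "client" and p.flags == "ACK" and state == "HALF_OPEN":
            # Assumed legality check: the client answered the SYN-ACK.
            self.table[p.conn] = ("TO_SERVER", now)
            return [Pkt("fw", "server", "SYN", p.conn, self.window)]
        if p.src == "server" and p.flags == "SYN-ACK" and state == "TO_SERVER":
            self.table[p.conn] = ("OPEN", now)
            return [Pkt("fw", "server", "ACK", p.conn, self.window),
                    Pkt("fw", "client", "ACK", p.conn, p.win)]  # opens the window
        if p.flags == "DATA" and state == "OPEN":        # relay both directions
            dst = "server" if p.src == "client" else "client"
            return [Pkt("fw", dst, "DATA", p.conn, p.win)]
        return []                                        # everything else is dropped

    def expire(self, now):   # drop stale half-open entries, return how many
        stale = [c for c, (s, t) in self.table.items()
                 if s == "HALF_OPEN" and now - t > self.timeout]
        for c in stale:
            del self.table[c]
        return len(stale)

def run_demo():
    fw, sent = SynProxy(), []
    for i in range(1000):                    # constructed flood: SYNs never acked
        sent += fw.handle(Pkt("client", "fw", "SYN", ("198.51.100.7", i)), 0.0)
    good = ("192.0.2.10", 40000)             # constructed legitimate client
    for src, flags, win in (("client", "SYN", 0), ("client", "ACK", 4096),
                            ("server", "SYN-ACK", 16384), ("client", "DATA", 4096)):
        sent += fw.handle(Pkt(src, "fw", flags, good, win), 1.0)
    return fw, sent, fw.expire(now=5.0)
```

In this model the server only ever sees packets for the connection that
completed the handshake; the unanswered requests consume firewall table
entries until they expire and never reach the server.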