[Firehol-support] please help, huge amounts of UDP traffic need to be dropped

[Costa Tsaousis]

Hi Paul,

Well, if you didn't allow it... it is already blocked ! You should have
logs about it. Check it.

In FireHOL, everything that is not allowed is blocked: in other words the
traffic comes into the machine but the firewall cuts it, so it does not
reach any application running on the machine, although the traffic already
came there.

For most kinds of traffic this means that the first packet of a session
gets into the machine, but becuase the machine does not acknowledge it, no
other packets are send. This is true for TCP. But UDP and ICMP are
stateless and do not care about acknowledgements. So, a firewall does not
prevent this kind of traffic from consuming your bandwidth.

If there is something consuming precious bandwidth this way, you have to
find a way of cutting it before entering the link you want to protect.

-- 
Costa Tsaousis

maillist at bestworldweb.homelinux.com said:
> Hi,
>
> I have been using firehol for nearly 6 months and I love it. Over the
> past couple of weeks a couple of IPs have been sending me huge amounts
> of UDP traffic, kilobytes of it a second, on werid ports such as port
> 1104! I found this out using iptraf.
>
> my firehol config file has  an interface set up as follows:
>
> interface eth0 internet
>
> I need to block ALL UPD traffic on this interface.
>
> What can I do???
>
> Please help me.
>
> Thanks in advance.
>
> Paul
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support