[Firehol-support] please help, huge amounts of UDP traffic need to be dropped

maillist at bestworldweb.homelinux.com maillist at bestworldweb.homelinux.com
Fri Jul 18 00:23:14 CEST 2003


Hi Costa,

Would it be possible to ban specific IPs? Would that stop the problem?

Cheers

Paul



On Fri, 2003-07-18 at 10:18, Costa Tsaousis wrote:
> Hi Paul,
> 
> Well, if you didn't allow it... it is already blocked ! You should have
> logs about it. Check it.
> 
> In FireHOL, everything that is not allowed is blocked: in other words the
> traffic comes into the machine but the firewall cuts it, so it does not
> reach any application running on the machine, although the traffic already
> came there.
> 
> For most kinds of traffic this means that the first packet of a session
> gets into the machine, but because the machine does not acknowledge it, no
> other packets are sent. This is true for TCP. But UDP and ICMP are
> stateless and do not care about acknowledgements. So, a firewall does not
> prevent this kind of traffic from consuming your bandwidth.
> 
> If there is something consuming precious bandwidth this way, you have to
> find a way of cutting it before entering the link you want to protect.
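Costa's advice to check the logs can be turned into a quick measurement of which sources are actually eating the link. The script below is an added example, not from the original thread or from FireHOL itself; it parses constructed netfilter LOG-target lines (the `fw-drop:` prefix, addresses and lengths are made up) and sums the dropped UDP bytes per source, which is the figure you need when asking the upstream side to filter before the traffic reaches your link.

```shell
#!/bin/sh
# Constructed sample of netfilter LOG-target lines for dropped packets
# (addresses, lengths and the "fw-drop:" prefix are made up for this example).
SAMPLE_LOG='Jul 18 00:10:01 gw kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40000 DPT=1434 LEN=1480
Jul 18 00:10:01 gw kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40000 DPT=1434 LEN=1480
Jul 18 00:10:02 gw kernel: fw-drop: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=33000 LEN=40
Jul 18 00:10:02 gw kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=5840 SYN
Jul 18 00:10:02 gw kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=1500 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40000 DPT=1434 LEN=1480'

# Sum IP-layer bytes of dropped UDP packets per source address.
# Reads LOG lines on stdin; prints "<bytes> <source>" lines, largest first.
# Only UDP is counted: a dropped TCP session stops after its unanswered
# first packet, while every dropped UDP packet has already crossed the link.
udp_bytes_per_src() {
    awk '
        /PROTO=UDP/ {
            src = ""; len = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                # the first LEN= is the IP total length; the second one,
                # after PROTO=UDP, is the UDP length and is skipped
                if ($i ~ /^LEN=/ && len == 0) len = substr($i, 5) + 0
            }
            if (src != "") bytes[src] += len
        }
        END { for (s in bytes) printf "%d %s\n", bytes[s], s }
    ' | sort -rn
}

# The single source responsible for the most dropped UDP bytes in the sample.
top_udp_source() {
    printf '%s\n' "$SAMPLE_LOG" | udp_bytes_per_src | head -n 1
}

# Number of distinct sources in the per-source summary.
udp_source_count() {
    printf '%s\n' "$SAMPLE_LOG" | udp_bytes_per_src | wc -l | tr -d ' '
}

top_udp_source
```

On a real box, replace the sample with `grep PROTO=UDP /var/log/kern.log | udp_bytes_per_src` and divide by the time window the log covers to get the bandwidth the drops are costing you.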
