[Firehol-support] Re: servere's firewall

Rick Marshall rjm at zenucom.com
Sun May 1 22:30:49 BST 2005


Daniel Pittman wrote:

>On 30 Apr 2005, Grigory Fateyev wrote:
>
>>I need to write a very secure firewall for a hosting server. Write
>>firehol.conf for it. What must I do to improve protection? Please,
>>give me advice.
>
>[...]
>
>>blacklist full 195.97.5.202
>
>You *must* add a comment here, explaining to anyone else who looks at it
>*why* you blacklist that address.  Otherwise, pain will ensue.[1]
>
>>mac xx.xx.xx.0/24 my MAC-address
>>
>>server_ips = "xxx.xxx.xxx.64/28"
>>trust_ips = "xx.xx.xx.0/24"
>>trust_dns = ""
>>
>>interface eth0 internet src "${server_ips}"
>>protection strong 10/sec 10
>
>This looks *much* too low for a hosting site.  Ten connections a second
>is, like, two web pages a second.[2]  You probably want something closer
>to "100/sec 200" or even higher.
>
>Also, *monitor* this in deployment to make sure it really does what you
>want, and that your clients don't suffer as a result.
>
OK, I thought the protection line was there primarily to prevent a DoS
attack.

Is there a formula relating line speed to legitimate requests per
second? I'm running 2Mb symmetric at many locations, so should I be
looking at 1000/sec 2000? And I need the web sites to be very responsive.

Thanks

Rick
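An added illustration, not code from this thread or from firehol, of why the quoted `10/sec 10` setting starves a web host while `100/sec 200` does not: the rate/burst pair is modelled as a token bucket like the iptables `limit` match (assumed here to be how firehol enforces `protection strong`), driven by a constructed legitimate load of five page views per second with five parallel connections each.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Token bucket as in the iptables 'limit' match (assumed model of
    firehol's 'protection strong RATE BURST'): starts full with BURST
    tokens, refills RATE tokens per second, never exceeds BURST; every
    accepted SYN costs one token and a SYN hitting an empty bucket drops."""
    rate: float                      # tokens per second, e.g. 10 for "10/sec"
    burst: int                       # bucket capacity, e.g. the trailing 10
    tokens: float = field(init=False)
    last_ms: int = 0

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def allow(self, now_ms: int) -> bool:
        # Integer milliseconds keep the refill arithmetic exact.
        refill = (now_ms - self.last_ms) * self.rate / 1000
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def page_load_syns(pages_per_sec: int, conns_per_page: int, seconds: int) -> list[int]:
    """Constructed legitimate traffic: each page load opens conns_per_page
    parallel TCP connections (one SYN each) at the same instant."""
    period_ms = 1000 // pages_per_sec
    return [t for t in range(0, seconds * 1000, period_ms) for _ in range(conns_per_page)]


def simulate(rate: float, burst: int, arrivals_ms: list[int]) -> tuple[int, int]:
    """Return (accepted, dropped) SYN counts for one RATE/BURST setting."""
    bucket = TokenBucket(rate, burst)
    accepted = sum(bucket.allow(t) for t in arrivals_ms)
    return accepted, len(arrivals_ms) - accepted


def sustainable(rate: float, burst: int, pages_per_sec: int, conns_per_page: int) -> bool:
    """Steady-state rule of thumb derived from the bucket model: the refill
    rate must cover every legitimate SYN, and the burst must hold one page's
    worth of simultaneous SYNs."""
    return rate >= pages_per_sec * conns_per_page and burst >= conns_per_page


if __name__ == "__main__":
    traffic = page_load_syns(pages_per_sec=5, conns_per_page=5, seconds=10)
    for rate, burst in ((10, 10), (100, 200)):
        ok, dropped = simulate(rate, burst, traffic)
        print(f"protection strong {rate}/sec {burst}: {ok} accepted, {dropped} dropped")
```

With the constructed load, `10/sec 10` drops 142 of 250 legitimate SYNs once the initial burst is spent, which is the client pain the quoted reply warns about and the reason to monitor the setting in deployment.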
