[Firehol-support] "protection strong" on routes
Carlos Rodrigues
carlos.efr at mail.telepac.pt
Fri Apr 14 15:49:42 BST 2006
Hi!
I'm using "protection strong" on both "interface"s and "router"s, but
I'm starting to wonder if that's such a good idea...
The problem is in the flood protection. In a network with 100+
simultaneous users, "syn-floods" matches quite a lot of packets.
The alternative is either to specify a higher rate than the default,
or to specify all the other protection types, and exclude the flood
ones, like:
protection "invalid fragments new-tcp-w/o-syn malformed-xmas malformed-null malformed-bad"
(I think this is valid syntax, isn't it? Or does one have to specify multiple
protection commands?)
I think, just like there is a "strong" shortcut, there should also be
"flood" (syn and icmp) and "bad" shortcuts.
For example, "protection bad" would be a shortcut for the protections above.
--
Carlos Rodrigues
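
Added example, not part of the original post and not FireHOL code: a simplified integer token-bucket model of one SYN rate limit shared by everyone behind the firewall, showing how a limit that never touches a single host drops legitimate connection attempts once 100+ users share it. The 100/s rate with burst 50, the 500/250 alternative, and the workload are assumptions constructed for illustration.

```python
def limit_match(arrivals_ms, rate_per_s, burst):
    """Model a shared rate limit on new-connection (SYN) packets.

    arrivals_ms: sorted packet arrival times in milliseconds.
    Returns (accepted, dropped). Tokens are kept in integer milli-tokens
    so the result is exact: dt_ms * rate_per_s == milli-tokens refilled.
    """
    cap = burst * 1000          # bucket capacity
    tokens = cap                # bucket starts full
    last = arrivals_ms[0] if arrivals_ms else 0
    accepted = dropped = 0
    for t in arrivals_ms:
        tokens = min(cap, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1000:      # one whole token available: packet passes
            tokens -= 1000
            accepted += 1
        else:                   # over the limit: counted as "flood"
            dropped += 1
    return accepted, dropped


def syn_arrivals_ms(users, conns_per_user, window_ms):
    """Constructed workload: every user opens conns_per_user connections,
    spread evenly over window_ms (e.g. a page load with several fetches)."""
    total = users * conns_per_user
    return [i * window_ms // total for i in range(total)]


def compare(users, conns_per_user=4, window_ms=1000):
    """Run the same legitimate workload against two assumed limits."""
    pkts = syn_arrivals_ms(users, conns_per_user, window_ms)
    return {
        "assumed default 100/s burst 50": limit_match(pkts, 100, 50),
        "raised 500/s burst 250": limit_match(pkts, 500, 250),
    }


if __name__ == "__main__":
    for users in (1, 120):
        for label, (ok, drop) in compare(users).items():
            print(f"{users:>3} users, {label}: accepted={ok} dropped={drop}")
```

Because the bucket is shared rather than per-source, the drop count scales with the number of legitimate users, which is the case for raising the rate (or omitting the flood types) on a busy router while keeping the malformed-packet checks.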