[Firehol-support] "protection strong" on routes

Carlos Rodrigues carlos.efr at mail.telepac.pt
Fri Apr 14 15:49:42 BST 2006


Hi!

I'm using "protection strong" on both "interface"s and "router"s, but
I'm starting to wonder if that's such a good idea...

The problem is in the flood protection. In a network with 100+
simultaneous users, "syn-floods" matches quite a lot of packets.

The alternative is either to specify a higher rate than the default,
or to specify all the other protection types, and exclude the flood
ones, like:

   protection "invalid fragments new-tcp-w/o-syn malformed-xmas malformed-null malformed-bad"

(I think this is valid syntax, isn't it? Or does one have to specify
multiple protection commands?)

I think, just like there is a "strong" shortcut, there should also be
"flood" (syn and icmp) and "bad" shortcuts.

For example, "protection bad" would be a shortcut for the protections above.

--
Carlos Rodrigues
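
Added example, not part of the original post and not FireHOL's own code: a small model of why one shared flood limit matches many packets on a busy network. It assumes the limit behaves like a single token bucket shared by all traffic on the rule (as iptables' limit match does); the rate of 100/s, the burst of 50 and the traffic patterns are assumed, constructed values.

```python
from fractions import Fraction

RATE, BURST = 100, 50  # assumed limit: 100 new connections/s, burst of 50


def simulate(rate, burst, arrivals):
    """Run packets through one token bucket; return (accepted, dropped).

    rate     -- tokens added per second
    burst    -- bucket capacity; the bucket starts full
    arrivals -- sorted packet timestamps in seconds
    """
    tokens = Fraction(burst)
    last = Fraction(0)
    accepted = dropped = 0
    for t in arrivals:
        # Refill for the elapsed time, never beyond the burst size.
        tokens = min(Fraction(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1:
            tokens -= 1
            accepted += 1
        else:
            dropped += 1  # over the limit: counted as flood traffic
    return accepted, dropped


def steady(pps, seconds):
    """Constructed traffic: evenly spaced SYNs at pps per second."""
    return [Fraction(i, pps) for i in range(pps * seconds)]


def simultaneous(users):
    """Constructed traffic: every user opens one connection at t=0."""
    return [Fraction(0)] * users


if __name__ == "__main__":
    cases = {
        "80 SYN/s for 10 s": steady(80, 10),
        "150 SYN/s for 10 s": steady(150, 10),
        "100 users at once": simultaneous(100),
    }
    for name, arrivals in cases.items():
        ok, over = simulate(RATE, BURST, arrivals)
        print(f"{name}: {ok} within limit, {over} over limit")
```

The bucket is shared, so the number of packets over the limit depends on the aggregate rate of new connections from all users, not on any single user's behaviour.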
