[Firehol-support] "protection strong" on routes

Jean-Michel Hiver jhiver at ykoz.net
Fri Apr 14 19:46:06 BST 2006


Carlos Rodrigues wrote:

>Hi!
>
>I'm using "protection strong" on both "interface"s and "router"s, but
>I'm starting to wonder if that's such a good idea...
>
>The problem is in the flood protection. In a network with 100+
>simultaneous users, "syn-floods" matches quite a lot of packets.
>
>The alternative is either to specify a higher rate than the default,
>or to specify all the other protection types, and exclude the flood
>ones, like:
>
>   protection "invalid fragments new-tcp-w/o-syn malformed-xmas malformed-null malformed-bad"
>
>(I think this is valid syntax, isn't it? Or one has to specify multiple
>protection commands?)
>
>I think, just like there is a "strong" shortcut, there should also be
>"flood" (syn and icmp) and "bad" shortcuts.
>
>For example, "protection bad" would be a shortcut for the protections above.
>  
>
I think it's a good idea but "protection bad" is a terrible name. It
sounds like "a bad protection" which is completely against firehol's
rule of clarity.

Maybe it should simply be "protection bad-packets" or "protection basic" 
or something.

Cheers,
Jean-Michel.

-- 
Jean-Michel Hiver - http://ykoz.net/
Discover the Réunion of IP & Telecom Technologies
TEL: +262 (0)262 55 03 98 - RCS 434 273 330 SAINT PIERRE
