[Firehol-support] "protection strong" on routes
Jean-Michel Hiver
jhiver at ykoz.net
Fri Apr 14 19:46:06 BST 2006
Carlos Rodrigues wrote:
>Hi!
>
>I'm using "protection strong" on both "interface"s and "router"s, but
>I'm starting to wonder if that's such a good idea...
>
>The problem is in the flood protection. In a network with 100+
>simultaneous users, "syn-floods" matches quite a lot of packets.
>
>The alternative is either to specify a higher rate than the default,
>or to specify all the other protection types, and exclude the flood
>ones, like:
>
> protection "invalid fragments new-tcp-w/o-syn malformed-xmas
>malformed-null malformed-bad"
>
>(I think this is valid syntax, isn't it? Or one has to specify multiple
>protection commands?)
>
>I think, just like there is a "strong" shortcut, there should also be
>"flood" (syn and icmp) and "bad" shortcuts.
>
>For example, "protection bad" would be a shortcut for the protections above.
>
>
I think it's a good idea but "protection bad" is a terrible name. It
sounds like "a bad protection" which is completely against firehol's
rule of clarity.
Maybe it should simply be "protection bad-packets" or "protection basic"
or something.
Cheers,
Jean-Michel.
--
Jean-Michel Hiver - http://ykoz.net/
Discover the Réunion of IP & Telecom Technologies
TEL: +262 (0)262 55 03 98 - RCS 434 273 330 SAINT PIERRE
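
The flood-protection concern in the quoted message can be checked with a small model. This is an added example, not code from the thread or from FireHOL: it models the token bucket of the iptables `limit` match and runs constructed traffic through it. The 100/s rate with burst 50 is assumed to be the FireHOL default, and the traffic shape (each user opening 8 connections every 5 seconds) is made up for illustration.

```python
"""Added illustration: token-bucket model of the iptables `limit` match."""


def over_limit(arrivals, rate, burst):
    """Count packets that fall outside `--limit rate/s --limit-burst burst`.

    The bucket starts full with `burst` credits, refills at `rate` credits
    per second, and each packet inside the limit spends one credit.
    """
    credit, last, dropped = float(burst), 0.0, 0
    for t in arrivals:
        credit = min(float(burst), credit + (t - last) * rate)
        last = t
        if credit >= 1.0:
            credit -= 1.0
        else:
            dropped += 1  # a syn-flood rule would drop or log this SYN
    return dropped


def constructed_syns(users, seconds, period=5.0, conns=8, gap=0.001):
    """Constructed sample traffic: SYN timestamps for ordinary users.

    Every user opens `conns` connections `gap` seconds apart once per
    `period`; users are spread evenly across the period.
    """
    times = []
    for u in range(users):
        start = u * period / users
        while start < seconds:
            times.extend(start + j * gap for j in range(conns))
            start += period
    return sorted(times)


def drop_fraction(users, rate, burst, seconds=60):
    """Share of legitimate SYNs that exceed the limit."""
    syns = constructed_syns(users, seconds)
    return over_limit(syns, rate, burst) / len(syns)


if __name__ == "__main__":
    # Assumed default (100/s, burst 50) next to a raised limit.
    for rate, burst in [(100, 50), (200, 100)]:
        frac = drop_fraction(100, rate, burst)
        print(f"100 users, {rate}/s burst {burst}: {frac:.1%} over limit")
```

Because the limit is applied to the aggregate traffic through the interface or router rather than per source, the user count alone can push ordinary traffic over it.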