[Firehol-support] "protection strong" on routes
jhiver at ykoz.net
Fri Apr 14 19:46:06 BST 2006
Carlos Rodrigues wrote:
>I'm using "protection strong" on both "interface"s and "router"s, but
>I'm starting to wonder if that's such a good idea...
>The problem is in the flood protection. In a network with 100+
>simultaneous users, "syn-floods" matches quite a lot of packets.
>The alternative is either to specify a higher rate than the default,
>or to specify all the other protection types, and exclude the flood
> protection "invalid fragments new-tcp-w/o-syn malformed-xmas
>(I think this is valid syntax, isn't it? Or one has to specify multiple
>I think, just like there is a "strong" shortcut, there should also be
>"flood" (syn and icmp) and "bad" shortcuts.
>For example, "protection bad" would be a shortcut for the protections above.
I think it's a good idea but "protection bad" is a terrible name. It
sounds like "a bad protection" which is completely against firehol's
rule of clarity.
Maybe it should simply be "protection bad-packets" or "protection basic"
Jean-Michel Hiver - http://ykoz.net/
Discover the Réunion of IP & Telecom Technologies
TEL: +262 (0)262 55 03 98 - RCS 434 273 330 SAINT PIERRE