[Firehol-support] "protection strong" on routes

Carlos Rodrigues carlos.efr at mail.telepac.pt
Fri Apr 14 21:14:58 BST 2006


"protection bad-packets" sounds better and is more expressive than
"protection basic".

On 4/14/06, Jean-Michel Hiver <jhiver at ykoz.net> wrote:
> Carlos Rodrigues wrote:
>
> >Hi!
> >
> >I'm using "protection strong" on both "interface"s and "router"s, but
> >I'm starting to wonder if that's such a good idea...
> >
> >The problem is in the flood protection. In a network with 100+
> >simultaneous users, "syn-floods" matches quite a lot of packets.
> >
> >The alternative is either to specify a higher rate than the default,
> >or to specify all the other protection types, and exclude the flood
> >ones, like:
> >
> >   protection "invalid fragments new-tcp-w/o-syn malformed-xmas
> >malformed-null malformed-bad"
> >
> >(I think this is valid syntax, isn't it? Or one has to specify multiple
> >protection commands?)
> >
> >I think, just like there is a "strong" shortcut, there should also be
> >"flood" (syn and icmp) and "bad" shortcuts.
> >
> >For example, "protection bad" would be a shortcut for the protections above.
> >
> >
> I think it's a good idea but "protection bad" is a terrible name. It
> sounds like "a bad protection" which is completely against firehol's
> rule of clarity.
>
> Maybe it should simply be "protection bad-packets" or "protection basic"
> or something.
>
> Cheers,
> Jean-Michel.
>
> --
> Jean-Michel Hiver - http://ykoz.net/
> Discover the Réunion of IP & Telecom Technologies
> TEL: +262 (0)262 55 03 98 - RCS 434 273 330 SAINT PIERRE
>
>
>


--
Carlos Rodrigues



