First find your scrubbing platform of choice, then build whatever they support.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "Dev" <[email protected]>
To: [email protected]
Sent: Tuesday, July 18, 2017 5:21:33 PM
Subject: [AFMUG] DIY DDoS box with iptables?

What is the feasibility of building a DDoS protection box out of a bare Linux server running a dual-10G/40G NIC inline with iptables handling junk traffic, and then a third eth for management? Seems like the 10G/40G card could help scrub traffic before it hits your core?

Has anyone built one? I’ve heard about CCRs, but my experience with MT has been...weird, they just do weird stuff from time to time, YMMV, etc. etc., but I’ve had better luck with Cisco and the usual suspects. It seems like a purpose-built vanilla Linux box would be easily upgradeable, universally supported with vanilla kernel support, etc. and you could just tweak stuff until you got it dialed, no?
