Hi Glen,

Thank you for the mail and help.
Actually, I do not have these options on my OpenBSD box; on the FreeBSD box they are there and I will implement this.

Thank you very much.

Kind regards,
Elvir Kuric

On Sun, Nov 9, 2008 at 12:09 PM, Glen Barber <[EMAIL PROTECTED]> wrote:
> On Sun, Nov 9, 2008 at 4:37 AM, Elvir Kuric <[EMAIL PROTECTED]> wrote:
>> Hi all,
>>
>> I am playing with the pf tool on OpenBSD/FreeBSD platforms and it is a super
>> tool for firewalls. One thing is interesting for me, and I am hoping
>> someone has experience with this.
>>
>> If I say
>>
>> block log all
>> block in log (all) quick on $ext_if proto udp from any to $ext_if
>>
>> this would block all traffic on $ext_if, but on my ext_if I receive a
>> lot (a huge amount) of UDP-generated traffic, which causes me a lot
>> of problems.
>> I also tried to add a small pipe and play with ALTQ to handle this, but
>> it did not help a lot. Also, I know that every packet which hits my
>> ext_if should be
>> processed (or at least takes a little processor resources, if I block
>> it with the keyword quick), but I am wondering if there is some way to
>> decrease the impact on the system
>> when a lot of packets arrive in a short time.
>>
>> My question would be, what are your experiences with battling against
>> boring UDP flooders? Platforms are FreeBSD / OpenBSD and all works
>> like a charm except, from time to time, stupid UDP flood attacks.
>>
>
> Not sure if this will help in your situation, but you could try
> setting the 'blackhole' for UDP. (There is also one for TCP.)
>
> net.inet.tcp.blackhole
> net.inet.udp.blackhole
>
> --
> Glen Barber
>
> "If you have any trouble sounding condescending, find a Unix user to
> show you how it's done."
> --Scott Adams
>
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
