Tom Eastep wrote: > S. J. van Harmelen wrote: > >> I’m reading and reading through the doc’s and previous posts, but cannot >> seem to find what I’m looking for. I want to create a rule that prevents >> DoS and maybe even DDoS attacks against a specific port. The current >> rule looks like this (the PORT’s and IP’s are dummies of course): >> >> #ACTION SOURCE DEST >> HTTP(DNAT) net loc:192.168.1.160 >> >> Now how can I convert this rule so I can use the limit action? I assume >> the following rule isn’t going to work correct because it misses the >> DNAT action: >> >> Limit:info:HTTPACCESS,3,60 net loc:192.168.1.160 tcp 80 >> >> So how should I do this? Any help or pointers the some usefull doc’s >> about this topic are more then welcome! >> > > DNAT- net loc:192.168.1.160 tcp 80 > Limit:info:HTTPACCESS,3,60 net loc:102.168.1.160 tcp 80 > Good rule!
Im going to add it to my notes :). Best regards. > -Tom >
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
