Hello to all, I have two questions:
1. I want to mitigate DDoS attacks against my DNS servers. To implement this I have configured a rate limit as per the docs:
ACCEPT net $FW udp 53 - - s:powerdns:10/sec:100
I have verified that the rate limit is working by sending more than 100 qps, and I start to get errors from the DNS resolver, so I guess the limit is working. However, I would like to see the dropped packets in the logs so I can review who is attacking my server and whether the limit is affecting valid customers; if so, I will raise the burst. If I try this:
ACCEPT:info net $FW udp 53 - - s:powerdns:10/sec:100
I see all the traffic; I just want to see the abnormal (dropped) traffic.
2. Are these two rules equivalent, the second one using the DNSDDOS action created by Tom:
DNSDDOS net $FW udp 53 - - s:powerdns:10/sec:100
Regards
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
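Added example (not from the post above and not Shorewall's own documentation): a Shorewall rules-file fragment that logs only the queries exceeding the per-source limit. Shorewall evaluates rules in order, and a rate-limited ACCEPT matches only packets that are still within the limit, so a second rule with the same match that follows it sees exactly the excess. Putting :info on the ACCEPT itself logs the accepted (within-limit) packets instead, which is why the rule in the post logs everything. The hashlimit name, rate and burst are copied from the post; the column layout is the standard rules-file layout.

```text
#ACTION     SOURCE  DEST  PROTO  DPORT  SPORT  ORIGDEST  RATE
# Accept queries from each source IP while it stays under 10/sec (burst 100).
ACCEPT      net     $FW   udp    53     -      -         s:powerdns:10/sec:100
# Anything reaching this rule failed the limit above: log it, then drop it.
# Only the excess queries are logged, with the offending source address.
DROP:info   net     $FW   udp    53
```

The DROP:info entries show up in the kernel log (via syslog) with the usual Shorewall prefix, so the source addresses in those lines are the ones being rate limited; if legitimate resolvers appear there, raise the burst or rate on the ACCEPT rule. Rule order matters: the DROP rule must come after the rate-limited ACCEPT, or it will drop all DNS traffic.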