On 10/07/2016 08:22 AM, Miguel Miranda wrote:
> Hello to all, I have two questions:
>
> 1. I want to mitigate DDOS attacks to my DNS servers. To implement
> this I have configured rate limiting as per the docs:
>
> ACCEPT net $FW udp 53 - - s:powerdns:10/sec:100
>
> I have verified that the rate limit is working by sending more than
> 100 qps and I start to get errors with the DNS resolver, so I guess the
> limit is working. However, I would like to see in the logs the
> packets dropped so I can review who is attacking my server and if
> the limit is affecting valid customers; if so I will raise the
> burst. If I try this
>
> ACCEPT:info net $FW udp 53 - - s:powerdns:10/sec:100
>
> I see all the traffic; I just want to see the abnormal dropped
> traffic.
>
Simply add

DROP:info net $FW udp 53

after your rate-limited ACCEPT rule.

> 2. Are these 2 rules equivalent, the second one using the DDOS
> action created by Tom:
>
> DNSDDOS net $FW udp 53 - - s:powerdns:10/sec:100
>

This rule will drop DDOS packets that are within the rate; the first rule above will not.

-Tom

-- 
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
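The following /etc/shorewall/rules fragment is an added example, not part of the original thread and not taken from Shorewall's own documentation; it shows how the two rules discussed above combine so that only the traffic exceeding the limit is logged. The zone names (net, $FW) and the hashlimit name (powerdns) are the ones from the question; the 10/sec rate and burst of 100 are the poster's values, not a recommendation.

```text
#ACTION         SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE
# Queries within the limit are accepted silently. The "s:" prefix makes the
# limit per source address; "powerdns" names the shared hashlimit table so
# other rules could refer to the same counter.
ACCEPT          net     $FW     udp     53      -       -               s:powerdns:10/sec:100

# Only packets that did NOT match the rate-limited ACCEPT reach this line,
# i.e. the excess over 10/sec (after the burst of 100 is used up).
# Logging at "info" here records just the abusive sources, then drops them.
DROP:info       net     $FW     udp     53

# What NOT to do (the poster's second attempt): putting the log level on the
# rate-limited ACCEPT logs every accepted query, so the log shows normal
# traffic rather than the dropped excess.
#ACCEPT:info    net     $FW     udp     53      -       -               s:powerdns:10/sec:100
```

Two caveats a practitioner should keep in mind. First, under a real flood the DROP:info line logs one entry per excess packet, so the log itself becomes the next resource to exhaust; Shorewall's LOGLIMIT setting in shorewall.conf (or a log level applied only for diagnosis) keeps the logging rate bounded. Second, because DNS over UDP carries spoofable source addresses, a per-source ("s:") limit protects you from a single chatty client but not from a spoofed-source flood, which will spread across many hashlimit buckets; treat the per-source counter as a fairness mechanism for legitimate resolvers rather than a complete DDOS defence.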
