-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/07/2016 09:57 AM, Miguel Miranda wrote: > Thanks Tom, so the when the number of connections allowed is > reached, iptables just bypass the rule and then it falls in the > defaul policy which i am not loggin it, so by adding the DROP rule > it catch the bypassed packet and loggit?
Yes. > If i undestand correctly, i just need the DNSDDOS and DROP rules? > It will drop ddos packets and additional will apply the limit. Yes. - -Tom - -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJX99VDAAoJEJbms/JCOk0Q7OIP/34R92sFteUB/R9FVaNOrXmN lO6ge6RS/3f5ugXhRBFHGvyhoDfpyHMl6JGvZYzYuQHyfhKeAA5FeBD6ueZS6YRD DLrHbY8pXkD3d5Tyt+MbQ7M5JORr5+0/RCwh7R4bQwnUYXhzu8qbDMhCDPNxLX1U /4FUtZ2COmpCgUHN2QXl/9qdBpea03EpmiMVP9L7IuLqmIpuXnSpv+zp9HcTPpce 24FQBj0vfDJzDlCWc95wvd9zx+4zNbBG+si2EwX2eqTD0gU2yfpRCGG4K7kcqFVm 4KRH0kGODWyLzkQhi6bwBLoq4ZJE8DkAzJkOC5go9KJRO35CDRKpWciUjVEi8kSN fVXJk54H22byODu9eWsIfy0IFVMYi/DJHEsjx81Qftt5sNFrTF46GYh4O/MqJOOV CilyBVp1WgCHrzJw1JZ398mz2bayqqQwxoXOejIjVyYK8Q/P0p6fsA14fWBruZDl J2CvrQsCIjVQOGZabmFm4Fmq4vKejXf6lQ6hkeheqA+n9CEVeH5dT23ZU7eGykVL +xRPyqVWgrzeXpOkZZYIHCOf/yzeGyp2GTYqhEEMHQM04JII1q8hrj4uvbJWqagx D4LjGZa3+8rszFTVpuCsl74daaACAxfBnx6srAH5IOnyeeSE8jO932RuKGrk3UI3 n9DPpItuz6gXpPziJPz3 =hrL7 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
