On Thu, Sep 20, 2018 at 09:27:35AM +1000, Richard wrote:
> Not going to help for UDP, but it would stop TCP replies if it was a TCP
> flood ?

If you DROP the TCP initial "SYN" packet, there's no connection nor reason to reply to anything else. shorewall/blacklist is the easy way (see also shorewall/interfaces "blacklist").

If there's an existing connection, you could break the connection to avoid TCP "control" packets like keepalives before it's eventually forgotten. shorewall/rules:

?SECTION ALL
REJECT net:111.111.111.111 all

On Linux, you could also drop an existing connection using the conntrack tool, then any new connection would hit ?SECTION NEW rules again.

Justin
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
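The two steps Justin describes (a REJECT rule that also matches established flows, then clearing the existing conntrack state so the remote host stops getting replies) as an added shell example; this is not code from the thread or from the Shorewall project. It assumes conntrack-tools is installed and that DYNAMIC_BLACKLIST is enabled in shorewall.conf so the "shorewall reject" command is available; the address is the constructed one from the thread.

```shell
#!/bin/sh
# Added example (not from the list thread). Builds the rules-file fragment
# from the thread and, when run as root, applies it via the dynamic
# blacklist and flushes conntrack state for the address.

# Validate a dotted-quad IPv4 address: returns 0 if valid, 1 otherwise.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$1" | tr . ' '); do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the shorewall/rules fragment. The ?SECTION ALL header matters:
# a rule in the NEW section would never see packets of a connection that
# already exists in the conntrack table.
block_rule() {
  printf '?SECTION ALL\nREJECT net:%s all\n' "$1"
}

# Apply the block on a live host (needs root, shorewall, conntrack).
# 1. Dynamic blacklist entry, equivalent to the REJECT rule above.
# 2. Delete existing conntrack entries in both directions so the flow
#    is forgotten now rather than when its keepalives eventually time out,
#    and any new attempt hits the ?SECTION NEW rules (and the blacklist).
block_host() {
  ip=$1
  if ! valid_ipv4 "$ip"; then
    echo "block_host: invalid IPv4 address: $ip" >&2
    return 2
  fi
  shorewall reject "$ip"
  # conntrack -D exits non-zero when nothing matched; that is fine here.
  conntrack -D -s "$ip" 2>/dev/null || true
  conntrack -D -d "$ip" 2>/dev/null || true
}

# Stand-alone use: print the fragment for the address from the thread;
# uncomment block_host to actually apply it on a Shorewall host.
block_rule 111.111.111.111
# block_host 111.111.111.111
```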