Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Elvir Kuric
Hi all, I am playing with the pf tool on openbsd/freebsd platforms and it is a super tool for firewalls. One thing is interesting for me, and I am hoping someone has experience with this. If I say block log all block in log (all) quick on $ext_if proto udp from any to $ext_if this would block all traf

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Elvir Kuric
Hi Glen, Thank you for the mail and help. Actually, I do not have these options on my OpenBSD box; on the FreeBSD box there are, and I will implement this. Thank you very much. Kind regards, Elvir Kuric On Sun, Nov 9, 2008 at 12:09 PM, Glen Barber <[EMAIL PROTECTED]> wrote: > On Sun, Nov 9, 2008 at 4:37

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Elvir Kuric
Hello Daniel, thank you for the answer. I understand, but I know pf is a very powerful tool; I want to make some workaround using pf to block udp floods. Rule creation is not a problem and I understand pf syntax. The ISP also uses, I suppose, pf as a firewall on their machines, so if they can, I/we using

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Elvir Kuric
Hello Jeremy, Thank you for your time and your answer, > First, you should be very careful with use of the "log" directive on > your rules. I've personally witnessed an attack which triggered "log" > entries in block rules causing pflog to log at such a tremendous/fast > rate, that newsyslog co

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Glen Barber
On Sun, Nov 9, 2008 at 4:37 AM, Elvir Kuric <[EMAIL PROTECTED]> wrote: > Hi all, > > I am playing with the pf tool on openbsd/freebsd platforms and it is a super > tool for firewalls. One thing is interesting for me, and I am hoping > someone has experience with this. > > If I say > > block log all > bloc

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Daniel Gerzo
Hello Elvir, Sunday, November 9, 2008, 10:37:29 AM, you wrote: > My question would be, what are your experiences with battling against > boring udp flooders ? Platform are FreeBSD / OpenBSD and all works > like a charm except time to time, stupid udp flood attacks. Ask your ISP to block UDP upfron

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Jeremy Chadwick
On Sun, Nov 09, 2008 at 10:37:29AM +0100, Elvir Kuric wrote: > I am playing with the pf tool on openbsd/freebsd platforms and it is a super > tool for firewalls. One thing is interesting for me, and I am hoping > someone has experience with this. > > If I say > > block log all > block in log (all) quick

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread David DeSimone
Elvir Kuric <[EMAIL PROTECTED]> wrote: > > I absolutely agree with you regarding logging, and I do not practice > this, only logging specific data. The biggest problem with these DoS > attacks (udp floods) is that the processor must spend some time on packet > arrival (even dropping will take some proces

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Eric Williams
David DeSimone wrote: > You may want to consider adding "keep state" to your "block log" rules. > If you keep state on the blocked packets, only the first packet that is > blocked will get logged; the others will be blocked statefully without > consulting the rulebase, which may save some processi

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread David DeSimone
Eric Williams <[EMAIL PROTECTED]> wrote: > > David DeSimone wrote: > > You may want to consider adding "keep state" to your "block log" rules. > > Doesn't seem to work, it just gives "keep state on block rules doesn't > make sense" as an error. I guess what I mean is that "block log" rules can ke

Re: Blocking udp flood traffic using pf, hints welcome

2008-11-09 Thread Peter Maxwell
Hi Elvir, I'd second the advice given further up the thread about getting your ISP to filter upstream - that's about the only really effective solution. Once UDP packets hit your firewall's external interface there's very little you can do about it. The only other advice I could offer is; i) Ma