Date: Sun, 9 Nov 2008 06:09:13 -0500
From: "Glen Barber" <glen.j.barber@gmail.com>
To: "Elvir Kuric" <omasnjak@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Blocking udp flood traffic using pf, hints welcome
Message-ID: <4ad871310811090309le19b2bwd2de855155b3797b@mail.gmail.com>
In-Reply-To: <1814bfe70811090137v39cd6434l49b545eb3b6eb88c@mail.gmail.com>
References: <1814bfe70811090137v39cd6434l49b545eb3b6eb88c@mail.gmail.com>
On Sun, Nov 9, 2008 at 4:37 AM, Elvir Kuric <omasnjak@gmail.com> wrote:
> Hi all,
>
> I am playing with the pf tool on OpenBSD/FreeBSD platforms and it is a super
> tool for firewalls. One thing is interesting for me, and I am hoping
> someone has experience with this.
>
> If I say
>
> block log all
> block in log (all) quick on $ext_if proto udp from any to $ext_if
>
> this would block all traffic on $ext_if, but on my ext_if I receive a
> lot of (a huge amount of) UDP-generated traffic which makes me a lot
> of problems.
> I also tried to add a small pipe and play with ALTQ to handle this but
> it did not help a lot. Also I know that every packet which hits my
> ext_if should be processed (or at least take a little processor
> resources, if I block it with the keyword quick), but I am wondering
> is there some way to decrease the impact on the system when a lot of
> packets arrive in a short time.
>
> My question would be, what are your experiences with battling against
> boring UDP flooders? Platforms are FreeBSD / OpenBSD and all works
> like a charm except, time to time, stupid UDP flood attacks.
>

Not sure if this will help in your situation, but you could try setting the
'blackhole' for UDP. (There is also one for TCP.)

net.inet.tcp.blackhole
net.inet.udp.blackhole

--
Glen Barber

"If you have any trouble sounding condescending, find a Unix user to show
you how it's done." --Scott Adams
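The two sysctl knobs named in the reply, placed next to the pf rules from the question, as an added configuration example that is not part of the original thread. The file placement, the interface name "em0" and the comments are assumptions, not something either poster wrote.

```conf
# /etc/sysctl.conf  (FreeBSD; assumed placement, persists across reboots)
#
# With blackhole enabled the kernel silently discards UDP datagrams (and TCP
# segments) aimed at ports with no listener, instead of answering each one
# with an ICMP port-unreachable or a TCP RST. The flood still has to be
# received, but the host stops spending CPU and outbound bandwidth on one
# reply per packet.
net.inet.udp.blackhole=1
# TCP: 1 = drop SYNs to closed ports only; 2 = drop every segment to a closed port
net.inet.tcp.blackhole=2

# /etc/pf.conf  (assumed placement; $ext_if is the interface from the question)
ext_if = "em0"            # assumed interface name

block log all

# 'quick' ends rule evaluation at the first match, so a flood packet is
# dropped after a single rule lookup instead of walking the whole ruleset.
# Logging every dropped packet with 'log (all)' costs CPU and disk during a
# flood; once you have confirmed what is being blocked, drop the 'log'
# keyword from this rule (kept here without it for that reason).
block in quick on $ext_if proto udp from any to $ext_if

# Caveat: pf discards a blocked packet before the UDP stack sees it, and the
# default block-policy is a silent drop, so blackhole changes nothing for
# packets this rule already blocks. It helps for datagrams pf passes (other
# interfaces, or UDP ports you allow) that land on ports with no listener.
```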