Date:      Sun, 9 Nov 2008 10:37:29 +0100
From:      "Elvir Kuric" <omasnjak@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   Blocking udp flood traffic using pf, hints welcome
Message-ID:  <1814bfe70811090137v39cd6434l49b545eb3b6eb88c@mail.gmail.com>

Hi all,

I am playing with the pf tool on OpenBSD/FreeBSD platforms and it is a super
tool for firewalls. One thing is interesting for me, and I am hoping
someone has experience with this.

If I say

block log all
block in log (all) quick on $ext_if proto udp from any to $ext_if

this would block all traffic on $ext_if, but on my ext_if I receive a
lot (a huge amount) of UDP-generated traffic, which causes me a lot
of problems.
I also tried to add a small pipe and play with ALTQ to handle this, but
it did not help a lot. Also, I know that every packet which hits my
ext_if should be processed (or at least take a little processor
resources, if I block it with the keyword quick), but I am wondering
whether there is some way to decrease the impact on the system
when a lot of packets arrive in a short time.

My question would be: what are your experiences with battling against
boring UDP flooders? The platforms are FreeBSD / OpenBSD and all works
like a charm except, from time to time, stupid UDP flood attacks.

Any suggestion is welcome,

With Regards,

Elvir Kuric


