Blocking udp flood traffic using pf, hints welcome
Elvir Kuric
omasnjak at gmail.com
Sun Nov 9 05:16:33 PST 2008
Hi Glen,
Thank you for the mail and help,
actually I do not have these options on my OpenBSD box, on the FreeBSD box
they are there and I will implement this.
Thank you very much
Kind regards,
Elvir Kuric
On Sun, Nov 9, 2008 at 12:09 PM, Glen Barber <glen.j.barber at gmail.com> wrote:
> On Sun, Nov 9, 2008 at 4:37 AM, Elvir Kuric <omasnjak at gmail.com> wrote:
>> Hi all,
>>
>> I am playing with the pf tool on openbsd/freebsd platforms and it is a super
>> tool for firewalls. One thing is interesting for me, and I am hoping
>> someone has experience with this.
>>
>> If I say
>>
>> block log all
>> block in log (all) quick on $ext_if proto udp from any to $ext_if
>>
>> this would block all traffic on $ext_if, but on my ext_if I receive a
>> lot ( huge amount ) of udp generated traffic which makes a lot
>> of problems for me.
>> I also tried to add a small pipe and play with ALTQ to handle this but
>> it did not help a lot. Also I know that every packet which hits my
>> ext_if should be
>> processed ( or at least take a little processor resources, if I block
>> it with keyword quick ), but I am wondering is there some way to
>> decrease the impact on the system
>> when a lot of packets arrive in a short time.
>>
>> My question would be, what are your experiences with battling against
>> boring udp flooders ? Platforms are FreeBSD / OpenBSD and all works
>> like a charm except, time to time, stupid udp flood attacks.
>>
>
> Not sure if this will help in your situation, but you could try
> setting the 'blackhole' for UDP. (There is also one for TCP.)
>
> net.inet.tcp.blackhole
> net.inet.udp.blackhole
>
> --
> Glen Barber
>
> "If you have any trouble sounding condescending, find a Unix user to
> show you how it's done."
> --Scott Adams
>
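Added example, not from the thread: a small FreeBSD sh script that puts the pf rules quoted above next to Glen's blackhole sysctls and checks whether the kernel actually exposes the OID before touching it (it does not on OpenBSD, as Elvir found). The interface name em0 and the /etc/sysctl.conf path are assumptions for illustration.

```shell
#!/bin/sh
# Emit pf.conf lines that drop unsolicited UDP arriving on the external
# interface. "block" with block-policy drop discards silently, so no ICMP
# reply is generated per flood packet; "quick" stops rule evaluation there.
pf_udp_rules() {
    ext_if="$1"
    printf 'ext_if = "%s"\n' "$ext_if"
    printf 'set block-policy drop\n'
    printf 'block log all\n'
    printf 'block in log quick on $ext_if proto udp from any to $ext_if\n'
}

# Blackhole sysctls (FreeBSD): udp.blackhole=1 drops datagrams sent to ports
# with no listener instead of answering ICMP port unreachable; tcp.blackhole=1
# does the same for SYNs to closed ports (2 = any segment). They only matter
# for traffic that pf has already let through to the stack.
blackhole_lines() {
    printf 'net.inet.udp.blackhole=1\n'
    printf 'net.inet.tcp.blackhole=1\n'
}

# Return 0 if this kernel exposes the UDP blackhole OID, non-zero otherwise
# (OpenBSD has no such sysctl, so the check fails there).
has_udp_blackhole() {
    sysctl -n net.inet.udp.blackhole >/dev/null 2>&1
}

# Persist and apply the sysctls when supported; print the pf lines for
# review (check them with "pfctl -nf" before loading).
apply_udp_hardening() {
    if has_udp_blackhole; then
        blackhole_lines >> /etc/sysctl.conf      # assumed path
        sysctl net.inet.udp.blackhole=1 net.inet.tcp.blackhole=1
    else
        echo "blackhole sysctls not available on this kernel; pf rules only" >&2
    fi
    pf_udp_rules "$1"
}
```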