Hello Misc,

I have an OpenBSD 5.2 i386 firewall. It was running so well until last night. We are under a DDoS attack (DNS amplification attack: "ANY? isc.org" requests). Our firewall freezes. I can't ping my firewall interfaces, not even the internal interface. It doesn't answer, or maybe replies very slowly. Before this freezing issue I got these messages in /var/log/messages:

/bsd: uvm_mapent_alloc: out of static map entries
/bsd: WARNING: mclpools limit reached; increase kern.maxcluster

I increased the kern.maxcluster value but it did not work. We had to reboot the firewall every 2 hours because of this DDoS attack. After that I realized that changing this pf rule worked: "block log all" to "block all". Now we are still under attack but the firewall handles it. It drops the UDP port 53 attacks and doesn't log any packets. But this is not what I want. By default I want to log which packets my firewall blocked. So how can I log all blocked packets and keep my firewall up and running?

Thanks.
Theron
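One pf.conf layout that keeps the default "block log all" but matches the udp/53 flood with an earlier, non-logging quick rule, so only the flood escapes pflog. This is an added example, not the poster's configuration; the interface name, the state limits and the pass rules are assumptions.

```pf
# Added example (not from the original post). Interface name and limits
# are assumptions; adjust to the real firewall.
ext_if = "em0"

# Bound state-table and source-tracking memory so a flood cannot grow
# kernel allocations without limit.
set limit { states 50000, src-nodes 20000 }
set optimization aggressive

# 1. Drop the amplification flood silently. The post reports the packets
#    arrive on udp/53. "quick" ends rule evaluation here, and leaving out
#    "log" means no pflog mbuf is queued per flood packet.
block drop in quick on $ext_if proto udp from any to port 53

# 2. Every other blocked packet is still logged, as the poster wants.
block log all

# 3. Allowed traffic (placeholders; replace with the real policy).
pass out quick on $ext_if keep state
pass in on $ext_if inet proto tcp to ($ext_if) port ssh
```

Load it with "pfctl -nf /etc/pf.conf" first to syntax-check, then "pfctl -f /etc/pf.conf"; "pfctl -vsr" shows per-rule counters, so the udp/53 rule's packet count confirms the flood is being matched before the logging rule.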