Hi Justin,
Thanks for your time, I appreciate it.
--
Best Regards,
Richard Hatherly
Ritech Computing Services
0411 459 507
On 21/09/2018 10:39 PM, Justin Pryzby wrote:
On Thu, Sep 20, 2018 at 09:27:35AM +1000, Richard wrote:
Not going to help for UDP, but it would stop TCP replies if it was a TCP flood?
If you DROP the initial TCP "SYN" packet, there's no connection nor reason to reply to anything else.
shorewall/blacklist is the easy way (see also shorewall/interfaces "blacklist").
If there's an existing connection, you could break the connection to avoid TCP "control" packets like keepalives before it's eventually forgotten.
shorewall/rules:
?SECTION ALL
REJECT net:111.111.111.111 all
On Linux, you could also drop an existing connection using the conntrack tool, then any new connection would hit ?SECTION NEW rules again.
Justin
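As an added illustration of the two steps in Justin's reply (not code from the thread or from the Shorewall project), the script below emits the `?SECTION ALL` / `REJECT` rules entry for a given source address, validates the address first, and pairs it with the `conntrack -D -s` deletion that makes an already-established connection forgotten immediately. The rules path `/etc/shorewall/rules`, the `APPLY` switch and the `block_source` helper are assumptions for the example; nothing touches the system unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumes Shorewall reads
# /etc/shorewall/rules and that conntrack-tools provides the conntrack binary.

# Accept only a dotted-quad IPv4 address (four octets, each 0-255), so a typo
# never ends up in the firewall configuration.
valid_ipv4() {
  ip=$1
  case "$ip" in
    ""|.*|*.|*[!0-9.]*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.
  set -- $ip
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Rules-file snippet from Justin's reply. ?SECTION ALL makes the REJECT apply
# to packets of existing connections as well, not only to new ones.
block_rule() {
  valid_ipv4 "$1" || return 1
  printf '?SECTION ALL\nREJECT net:%s all\n' "$1"
}

# Deletes the conntrack entries whose source is the address, so the next packet
# from it is evaluated against the ?SECTION NEW rules instead of matching state.
conntrack_cmd() {
  valid_ipv4 "$1" || return 1
  printf 'conntrack -D -s %s\n' "$1"
}

# Hypothetical wrapper: dry run by default, applies both steps when APPLY=1.
block_source() {
  addr=$1
  block_rule "$addr" >/dev/null || { echo "invalid IPv4 address: $addr" >&2; return 1; }
  if [ "${APPLY:-0}" = 1 ]; then
    block_rule "$addr" >> /etc/shorewall/rules && shorewall reload && conntrack -D -s "$addr"
  else
    echo "dry run; would append to /etc/shorewall/rules:"
    block_rule "$addr"
    echo "dry run; would run: $(conntrack_cmd "$addr")"
  fi
}
```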
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users