Welcome! Log In Create A New Profile

Re: DDoS protection module suggestion

Forum List Message List New Topic Print View

malte

November 04, 2010 03:47PM

Registered: 13 years ago
Posts: 11

Redd Vinylene Wrote:
-------------------------------------------------------
> Just real quick:
>
> What about one of the BSDs and pf? The latter is
> said to be the world's best
> firewall. Real elegant syntax too:
>
> block quick from
>
> pass in on $ext_if inet proto tcp from any to any
> port 80 keep state
> (max-src-conn 100, max-src-conn-rate 15/5,
> overload flush
> global)
>
> That takes care of all my DDoS protection needs.
> Some of y'all mentioned big
> guns though, I don't know about that.

OpenBSDs PF is indeed the worlds finest software based firewall, I'll be the first to say. I think Linux should throw out IP tables and go for a PF port, but I digress.

I haven't tried mitigating a big DDoS with PF, and I don't know if it would fare any better once it has say 50k individual IPs to block. But to me that is kind of beside the point. If I am not mistaken, a well written nginx module would be the immensely helpful when faced with the kind of DDoS I had on me last week.

If I can't find anyone interested in writing it I might have a whack at it myself next time I get some spare time.

Reply Quote

RSS

Subject	Author	Posted
DDoS protection module suggestion	malte	November 02, 2010 10:19PM
Re: DDoS protection module suggestion	Weibin Yao	November 02, 2010 10:58PM
Re: DDoS protection module suggestion	malte	November 02, 2010 11:21PM
Re: DDoS protection module suggestion	unclepieman	November 03, 2010 12:02AM
Re: DDoS protection module suggestion	malte	November 03, 2010 05:00PM
Re: DDoS protection module suggestion	unclepieman	November 03, 2010 05:15PM
Re: DDoS protection module suggestion	malte	November 03, 2010 10:30PM
Re: DDoS protection module suggestion	Redd Vinylene	November 04, 2010 04:52AM
Re: DDoS protection module suggestion	malte	November 04, 2010 03:47PM
Re: DDoS protection module suggestion	Weibin Yao	November 04, 2010 10:28PM
Re: DDoS protection module suggestion	unclepieman	November 05, 2010 12:10AM
Re: DDoS protection module suggestion	Weibin Yao	November 05, 2010 01:08AM
Re: DDoS protection module suggestion	malte	November 05, 2010 01:58AM
Re: DDoS protection module suggestion	unclepieman	November 05, 2010 03:34AM
Re: DDoS protection module suggestion	Weibin Yao	November 05, 2010 05:56AM
Re: DDoS protection module suggestion	Eugaia	November 05, 2010 06:44AM
Re: DDoS protection module suggestion	姚伟斌	November 05, 2010 08:52AM
Re: DDoS protection module suggestion	malte	November 05, 2010 12:16PM
Re: DDoS protection module suggestion	姚伟斌	November 05, 2010 09:50PM
Re: DDoS protection module suggestion	malte	November 05, 2010 12:11PM
Re: DDoS protection module suggestion	unclepieman	November 05, 2010 01:08PM
Re: DDoS protection module suggestion	malte	November 05, 2010 05:52PM
Re: DDoS protection module suggestion	malte	November 05, 2010 05:53PM
Re: DDoS protection module suggestion	Weibin Yao	November 05, 2010 05:42AM
Re: DDoS protection module suggestion	Rainer Duffner	November 03, 2010 05:42PM
Re: DDoS protection module suggestion	malte	November 03, 2010 10:22PM
Re: DDoS protection module suggestion	ken107	December 26, 2010 04:49AM
Re: DDoS protection module suggestion	Weibin Yao	December 26, 2010 09:32PM
Re: DDoS protection module suggestion	Waleed G.	March 25, 2012 01:04PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 312

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018