For a few weeks I have been seeing irregular incoming bursts, but I don't know how to handle them in a better way. Maybe someone could help me with this problem?
Here are the filters I've set up so far:
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Allow Input AccessList
chain=input action=accept src-address-list=AccessList
1 ;;; Allow AccessList to RFC1918
chain=forward action=accept src-address-list=AccessList dst-address-list=rfc1918
2 ;;; Drop ext. DNS Query
chain=input action=drop protocol=udp in-interface=Backbone-Port1 dst-port=53
3 ;;; Log all prot. Bursts
chain=input action=log connection-limit=3,32 log-prefix="BURST BLOCK"
4 ;;; Slow Down Blacklist
chain=input action=tarpit protocol=tcp src-address-list=blocked-addr connection-limit=3,32
5 ;;; Drop all prot. Blacklist
chain=input action=drop src-address-list=blocked-addr connection-limit=3,32
6 ;;; Blacklist Bursts
chain=input action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d connection-limit=3,32
7 ;;; SYN Flood protect
chain=input action=jump jump-target=SYN-Protect tcp-flags=syn connection-state=new protocol=tcp
8 chain=SYN-Protect action=accept tcp-flags=syn connection-state=new protocol=tcp limit=10,5
9 chain=SYN-Protect action=drop tcp-flags=syn connection-state=new protocol=tcp
10 X ;;; Log RFC1918
chain=forward action=log src-address-list=!rfc1918 dst-address-list=rfc1918 log-prefix="DROP RFC1918"
11 ;;; Drop RFC1918
chain=forward action=drop src-address-list=!rfc1918 dst-address-list=rfc1918
How can I throttle these bursts?