Transparant firewall advanced Option
-
Hi I am trying to limit connections per source IP address on UDP. I have a pass rule and limiting 2 connections per 5 sec the issue is it is passing everything. I am seeing over 50 connections per sec in pass.
Is this a GUI issue or is it passing?
-
Did you applied this rule on wan interface?
To limit outbound connections, place the rule on lan/opt.
To limit inbound use wan interface.After an ip address reach connection limit, it will be included on virsprot table and will not be able to connect for something between 01 and 02 hours.
To change this behavior, you may need to install cron package and reduce schedule time as well expire table -t value
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
-
It is inbound I am trying but nothing is going into the table. Maybe it is not classifying the traffic as connections but my understanding that each log in the firewall table is a connection.
-
did you tried to put this rule on top?
-
Yep top rule but no joys very strange. I also have one for the ICMP as well and on testing it did stop pinging but no joy.
-
Did you try clearing the existing states to see if this helps?
- Andreas
-
UDP and ICMP have no concept of "connections" the way TCP does. If a source sends 50 pings to one destination it's all one "connection". If a UDP client sends 50 packets using the same source and destination ip:ports, it's one connection.
Make sure that your testing accounts for that and you should have better results. (or try tcp). Other than that, seeing a copy of your /tmp/rules.debug might help see what's going on.