Firewall Rule => Advanced Options / preventing DDOS attack



  • Hi All!

    Can you please help me to setup Firewall Rule => Advanced Options for DDOS protection.

    I have speed line 500Mb/100Mb (i7/32GB ram/SSD)

    What value do you recommend for (HTTP/HTTPS/SMTP/POP3-IMAP):

    Max. states:_______________________ (Maximum state entries this rule can create)
    Max. src nodes: ____________________ (Maximum number of unique source hosts)
    Max. connections:___________________ (Maximum number of established connections per host (TCP only))
    Max. src. states:____________________ (Maximum state entries per host)
    Max. src. conn. Rate:_________________ (Maximum new connections per host (TCP only))
    Max. src. conn. Rates:________________ (/ per how many second(s) (TCP only))
    State timeout:______________________ (State Timeout in seconds (TCP only))

    Thanks for your expert help/suggestion



  • Any help? :(



  • I wouldn't waste your time.  There is no protection from a true DDoS.  The system will be overwhelmed and unable to properly process packets no matter how many rules you have.  Only help from your upstream provider can save you from this.

    A simple DoS, on the other hand, can often be mitigated by an IDS/IPS like Snort, Suricata or pfBlockerNG that can recognize the specific TCP attack and block it.

    Unless you're some high-value target, why are you concerned about DDoS?  Are you running some service like a game server that is likely to attract idiots that might give you problems?
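As an added illustration (not from either post), the per-source limits asked about in the first post, modelled in Python: "Max. src. conn. Rate" N per M seconds with pf's overload behaviour (an offending host stays blocked), and "Max. src nodes". It shows the point made in the reply: a single flooding host is cut off after N attempts, while a flood from many hosts making one connection each is never rate-limited per source, and a source-node cap only stops it by refusing every new host. Timestamps and addresses are constructed, and no state expiry is modelled.

```python
# Added model (not pf itself) of two per-source limits from the rule's Advanced
# Options: "Max. src. conn. Rate" N per M seconds, with pf's overload behaviour
# (an offending source is blocked for the rest of the run), and "Max. src nodes".
# Assumptions: timestamps in seconds, each record is one new TCP connection,
# states never expire, so the set of source nodes only grows.
from collections import defaultdict, deque

def apply_limits(attempts, rate_limit, max_src_nodes):
    """attempts: list of (t, src); rate_limit: (N, M).
    Returns (accepted, dropped, overloaded_sources)."""
    n, m = rate_limit
    recent = defaultdict(deque)  # src -> times of attempts counted in the window
    overloaded, nodes = set(), set()
    accepted = dropped = 0
    for t, src in attempts:
        if src in overloaded:          # already in the overload table
            dropped += 1
            continue
        window = recent[src]
        while window and t - window[0] >= m:   # forget attempts older than M s
            window.popleft()
        if len(window) >= n:           # one more than N attempts inside M seconds
            overloaded.add(src)
            dropped += 1
            continue
        if src not in nodes and len(nodes) >= max_src_nodes:
            dropped += 1               # no room for another source host
            continue
        nodes.add(src)
        window.append(t)
        accepted += 1
    return accepted, dropped, sorted(overloaded)

def single_source_flood():
    # constructed: one host opening 40 connections within 2 seconds
    return [(i * 0.05, "192.0.2.10") for i in range(40)]

def distributed_flood():
    # constructed: 400 hosts, one connection each, all within 2 seconds
    return [(i * 0.005, f"10.0.{i // 256}.{i % 256}") for i in range(400)]

if __name__ == "__main__":
    # 15 new connections per 5 s per host: the single flooder is cut off at 15
    print(apply_limits(single_source_flood(), (15, 5), 1000))  # (15, 25, ['192.0.2.10'])
    # the same limit never triggers when every host connects only once
    print(apply_limits(distributed_flood(), (15, 5), 1000))    # (400, 0, [])
    # a source-node cap of 100 stops it, but by refusing every host after the 100th
    print(apply_limits(distributed_flood(), (15, 5), 100))     # (100, 300, [])
```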

