From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: Rikunj <rikunj@raha.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: How to stop the flood?
Date: Thu, 28 Apr 2005 15:16:20 -0500
Message-ID: <42714494.9080008@riverviewtech.net>
In-Reply-To: <00c701c54c01$3ba1b9a0$3b3429c4@rp>

> This was the log from one of my client who was attacked from a client on
> other subnet.

How many different subnets are you serving?  Which interfaces on your router are they on?  Do you have each client on a different subnet, or are there multiple clients on one subnet?  What type of network setup do you have, both physical and logical?

> My network consist of clients from different subnets of /24.

Are these /24 subnets independently controlled by your clients, such that you don't have any control over them short of saying "stop, or we will stop your internet access"?

> The attacks from one subnet travels through my linux router and hits the
> client on other subnet.

Assuming that each of your clients is on a different subnet and they are connected to an aliased interface on your router you could very easily set up your firewall script to filter based on inbound and outbound interface.  This also assumes that one client of yours will never need to communicate with another directly.  If one client needs to communicate with another directly you will need to explicitly allow the traffic to pass through your router.

(This is presuming that your FORWARD policy is set to DROP which IMHO it should *ALWAYS* be.)
# Variables: $INet is the upstream (Internet) interface, $Client_N is the
# interface a client hangs off, and $Client_N_Subnet is that client's /24.
# Client_1
iptables -t filter -A FORWARD -i $Client_1 -o $INet -s $Client_1_Subnet -j ACCEPT
iptables -t filter -A FORWARD -i $INet -o $Client_1 -d $Client_1_Subnet -j ACCEPT
# Client_2
iptables -t filter -A FORWARD -i $Client_2 -o $INet -s $Client_2_Subnet -j ACCEPT
iptables -t filter -A FORWARD -i $INet -o $Client_2 -d $Client_2_Subnet -j ACCEPT
# Client_3
iptables -t filter -A FORWARD -i $Client_3 -o $INet -s $Client_3_Subnet -j ACCEPT
iptables -t filter -A FORWARD -i $INet -o $Client_3 -d $Client_3_Subnet -j ACCEPT

(This is presuming that your FORWARD policy is set to ACCEPT which IMHO it should *NEVER* be.)
# Negation is written before the option ("! -o eth0"); the older
# intrapositioned form ("-o ! eth0") is deprecated in current iptables.
# Client_1
iptables -t filter -A FORWARD -i $Client_1 ! -o $INet -s $Client_1_Subnet -j DROP
iptables -t filter -A FORWARD ! -i $INet -o $Client_1 -d $Client_1_Subnet -j DROP
# Client_2
iptables -t filter -A FORWARD -i $Client_2 ! -o $INet -s $Client_2_Subnet -j DROP
iptables -t filter -A FORWARD ! -i $INet -o $Client_2 -d $Client_2_Subnet -j DROP
# Client_3
iptables -t filter -A FORWARD -i $Client_3 ! -o $INet -s $Client_3_Subnet -j DROP
iptables -t filter -A FORWARD ! -i $INet -o $Client_3 -d $Client_3_Subnet -j DROP

(Any one care to double check my logic?  Please?)

> I tried few rules as below but seems not to be working.

Your rules look like they are designed to do more quality assurance (making sure the traffic is not blatantly invalid) on any traffic passing through the FORWARD chain than filtering based on the source and destination address and interface.



Grant. . . .
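The following is an added example, not part of Grant's message: a POSIX shell script that generates the DROP-policy variant of the per-client isolation rules above from a table of client interfaces, and a helper that prints the explicit exception rules for the case where two clients must talk to each other directly. It also adds two things the original rules leave out: an anti-spoofing DROP per client interface (otherwise a client could source packets from another client's prefix and the "-s $Client_N_Subnet" match would not catch them) and a rate-limited LOG rule so that the flood shows up in syslog. The interface names (eth0 facing the Internet, eth1 to eth3 for clients) and the RFC 5737 documentation prefixes are assumed; real deployments need one real interface (or VLAN sub-interface) per client, since iptables "-i" matches the device name and an IP alias such as eth0:1 never matches. The script prints the iptables commands rather than running them, so the ruleset can be reviewed and then applied with "sh rules.sh | sudo sh".

```shell
#!/bin/sh
# Added example (not from the original message): build the FORWARD chain for
# N isolated client subnets behind one Linux router.  The commands are
# printed, not executed; review them, then pipe the output to "sudo sh".
#
# Assumed (hypothetical) layout: eth0 is the Internet side; each client is on
# its own real interface with its own /24.  iptables "-i" matches the device
# name, so an IP alias like eth0:1 cannot be used here.

INet=eth0

# Client table, "interface subnet" per line (constructed sample data using
# RFC 5737 documentation prefixes).
CLIENTS='eth1 192.0.2.0/24
eth2 198.51.100.0/24
eth3 203.0.113.0/24'

# Print the whole FORWARD chain.  Order matters: the anti-spoofing DROP for
# an interface precedes that interface's ACCEPT rules.
gen_rules() {
    echo "iptables -t filter -P FORWARD DROP"
    echo "iptables -t filter -F FORWARD"
    # Replies to flows already accepted.  A client-to-client flow never
    # becomes ESTABLISHED because its first packet is dropped below.
    echo "iptables -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$CLIENTS" | while read -r iface subnet; do
        [ -n "$iface" ] || continue
        # Anti-spoofing: a packet entering a client interface must carry
        # that client's own source prefix, whatever its destination.
        echo "iptables -t filter -A FORWARD -i $iface ! -s $subnet -j DROP"
        # The two rules from the message: this client <-> Internet only.
        echo "iptables -t filter -A FORWARD -i $iface -o $INet -s $subnet -j ACCEPT"
        echo "iptables -t filter -A FORWARD -i $INet -o $iface -d $subnet -j ACCEPT"
    done
    # Everything else, including client-to-client traffic, is logged at a
    # bounded rate and then falls through to the DROP policy.
    echo "iptables -t filter -A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"FWD-DROP: \""
}

# Explicit exception for two clients that must reach each other directly,
# the case the message says needs its own rule.  Both directions are opened;
# "-I" puts them at the top of the chain so they match before the LOG rule.
allow_pair() {
    iface_a=$1; subnet_a=$2; iface_b=$3; subnet_b=$4
    echo "iptables -t filter -I FORWARD -i $iface_a -o $iface_b -s $subnet_a -d $subnet_b -j ACCEPT"
    echo "iptables -t filter -I FORWARD -i $iface_b -o $iface_a -s $subnet_b -d $subnet_a -j ACCEPT"
}

# Stand-alone use: print the base ruleset.
gen_rules
```

Run it with "sh rules.sh" to inspect the generated commands; append "allow_pair eth1 192.0.2.0/24 eth2 198.51.100.0/24" (or call it from the script) only for client pairs that genuinely need direct reachability, and check the result with "iptables -t filter -L FORWARD -v -n" after applying.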



Thread overview: 16+ messages
2005-04-28 13:35 How to stop the flood? Rikunj
2005-04-28 14:16 ` Jason Opperisano
2005-04-28 14:47   ` Rikunj
2005-04-28 15:47     ` Rob Sterenborg
2005-04-28 15:54       ` Dwayne Hottinger
2005-04-28 17:10         ` Rikunj
2005-04-29  3:12           ` Taylor, Grant
2005-04-29 13:17             ` Rikunj
2005-05-01  0:59             ` Mogens Valentin
2005-05-01 19:19               ` Taylor, Grant
2005-04-28 21:50         ` R. DuFresne
2005-04-28 21:58           ` wkc
2005-04-28 22:04             ` Dwayne Hottinger
2005-04-28 17:54       ` Rikunj
2005-04-28 16:35     ` Jason Opperisano
2005-04-28 20:16     ` Taylor, Grant [this message]
