Linux Advanced Routing and Traffic Control list
* [LARTC] Re: ingress policing
@ 2001-04-06  3:01 Kevin Turner
From: Kevin Turner @ 2001-04-06  3:01 UTC (permalink / raw)
  To: lartc

On Thu, Apr 05, 2001 at 11:59:43PM +0200, Guy Van Den Bergh wrote:
> One major application of ingress policing is only letting a limited
> rate of icmp or tcp syn packets coming into your network. That will
> keep your network less vulnerable for ping floods and dos attacks.

It's perhaps worth noting that for applications like this, in which you
don't want to queue the traffic at all but just drop or reject it, this
can be easily done with kernel 2.4's netfilter, using iptables and
LIMIT.  This is covered in Rusty's Remarkably Useful but Allegedly
Unreliable Guide, the Linux 2.4 Packet Filtering HOWTO at
http://netfilter.kernelnotes.org/


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
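
Added example, not part of the original message: a simplified Python model of the token bucket behind the netfilter `limit` match mentioned in the reply, run over constructed packet timings to show what a rate-limited ACCEPT followed by a DROP lets through. The rule pair in the docstring, the 1/second rate and the burst of 5 are assumptions chosen for illustration; the kernel tracks credit in integer ticks, so this float model is an approximation.

```python
"""Token-bucket model of the netfilter `limit` match (added example).

Models a rule pair such as (constructed, not from the original message):
  iptables -A INPUT -p icmp --icmp-type echo-request \
           -m limit --limit 1/second --limit-burst 5 -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
"""


class LimitMatch:
    def __init__(self, rate_per_sec, burst):
        self.rate = float(rate_per_sec)   # credit regained per second
        self.burst = float(burst)         # bucket size
        self.credit = float(burst)        # bucket starts full
        self.last = None                  # time of the previous packet

    def matches(self, now):
        """True if the packet arriving at `now` (seconds) matches the rule."""
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.credit = min(self.burst, self.credit + refill)
        self.last = now
        if self.credit >= 1.0:
            self.credit -= 1.0            # each matching packet costs one credit
            return True
        return False                      # falls through to the DROP rule


def run(arrivals, rate_per_sec=1, burst=5):
    """Return (accepted, dropped) for a sorted list of arrival times."""
    match = LimitMatch(rate_per_sec, burst)
    accepted = sum(1 for t in arrivals if match.matches(t))
    return accepted, len(arrivals) - accepted


# Constructed traffic samples (arrival times in seconds).
FLOOD = [i / 100.0 for i in range(1000)]   # 100 packets/s for 10 s
NORMAL = [i * 2.0 for i in range(10)]      # one packet every 2 s
BURSTY = [0.0, 0.01, 0.02, 0.03, 0.04, 0.05, 10.0, 10.01]  # 6 quick, pause, 2

if __name__ == "__main__":
    for name, sample in (("flood", FLOOD), ("normal", NORMAL), ("bursty", BURSTY)):
        print(name, run(sample))
```

The flood sample shows the point made in the thread: excess packets are dropped outright rather than queued, while traffic under the configured rate is untouched.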
