AntiDDOS
From Wiki of WFilter NG Firewall
(Difference between revisions)
(→Settings) |
|||
| Line 14: | Line 14: | ||
* ICMP Flood Protection, icmp packets exceed the rate limit will be dropped. | * ICMP Flood Protection, icmp packets exceed the rate limit will be dropped. | ||
* Geo-IP Filter: filter connections from certain countries. | * Geo-IP Filter: filter connections from certain countries. | ||
| − | * IP Whitelist: whitelisted ip addresses won't be blocked by above rules. | + | * IP Whitelist: whitelisted ip addresses won't be blocked by above rules. These C class ip segments will be whitelisted by default: <code>192.168.0.0/16 172.16.0.0/12 10.0.0.0/8</code> |
[[File:antiddos001.png|900px]] | [[File:antiddos001.png|900px]] | ||
Latest revision as of 17:15, 19 October 2021
[edit] 1 Anti DDOS
"Anti DDOS" protects the WFilter server from DDOS attacks.
[edit] 2 Settings
- Disable Ping on WAN Interfaces.
- Drop Invalid Packets.
- Drop Fragmented Packets.
- Enable Protection on Forwarding: If not enabled, DDOS protection only applies to connections target to WFilter itself.
- SYN Flood Protection, tcp syn packets exceed the rate limit will be dropped.
- UDP Flood Protection, udp packets exceed the rate limit will be dropped.
- ICMP Flood Protection, icmp packets exceed the rate limit will be dropped.
- Geo-IP Filter: filter connections from certain countries.
- IP Whitelist: whitelisted ip addresses won't be blocked by above rules. These C class ip segments will be whitelisted by default:
192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
Geo-IP Filter: filter connections from certain countries, options:
- Block choosed countries
- Only allow choosed countries
