AntiDDOS

Latest revision as of 17:15, 19 October 2021

"Anti DDOS" protects the WFilter server from DDOS attacks.

Disable Ping on WAN Interfaces.
Drop Invalid Packets.
Drop Fragmented Packets.
Enable Protection on Forwarding: If not enabled, DDOS protection only applies to connections target to WFilter itself.
SYN Flood Protection, tcp syn packets exceed the rate limit will be dropped.
UDP Flood Protection, udp packets exceed the rate limit will be dropped.
ICMP Flood Protection, icmp packets exceed the rate limit will be dropped.
Geo-IP Filter: filter connections from certain countries.
IP Whitelist: whitelisted ip addresses won't be blocked by above rules. These C class ip segments will be whitelisted by default: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

Geo-IP Filter: filter connections from certain countries, options:

@@ Line 9: / Line 9: @@
 * Drop Invalid Packets.
 * Drop Fragmented Packets.
+* Enable Protection on Forwarding: If not enabled, DDOS protection only applies to connections target to WFilter itself.
 * SYN Flood Protection, tcp syn packets exceed the rate limit will be dropped.
 * UDP Flood Protection, udp packets exceed the rate limit will be dropped.
 * ICMP Flood Protection, icmp packets exceed the rate limit will be dropped.
 * Geo-IP Filter: filter connections from certain countries.
-* IP Whitelist: whitelisted ip addresses won't be blocked by above rules.
+* IP Whitelist: whitelisted ip addresses won't be blocked by above rules. These C class ip segments will be whitelisted by default: <code>192.168.0.0/16 172.16.0.0/12 10.0.0.0/8</code>
 [[File:antiddos001.png|900px]]
-Geo-IP Filter: filter connections from certain countries.
+Geo-IP Filter: filter connections from certain countries, options:
 * Block choosed countries
 * Only allow choosed countries