UDP bombs and the pf tool, prevention of UDP floods
Hi all,
I have the following lines at the beginning of the filter part within my PF firewall:
block in on $ext_if
block in log (all) quick on $ext_if proto udp from $bad_guy to $ext_if
So I must not say "quick" in the first rule, because then it would not process the other rules in the chain; with the second rule I just want to block all UDP packets from some address(es) to the external interface.
My question is: is there some way within PF (OpenBSD as the platform) to say, for example, after receiving 10000 packets, drop all the rest?
The problem is that on my external interface I receive real UDP bombs, and so I just want to drop everything and still be able to connect.
I read and understood that I can create a queue rule and assign it 1% of my bandwidth, but it does not help.
Any suggestion is welcome, and thank you in advance.
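As an added example (not part of the original post or the poster's ruleset), here is one way to express "only so much UDP from any one source" in pf.conf on OpenBSD. The interface name em0, the table name <udp_abusers>, the allowed UDP ports and the numeric limits are assumptions chosen for illustration; the max-pkt-rate option exists only on newer OpenBSD releases, so check pf.conf(5) on the system before relying on it.

```conf
# Added example pf.conf fragment, not from the original post.
# Assumed values: interface em0, table name udp_abusers, ports and limits.
ext_if = "em0"

# Sources that have been judged abusive; "persist" keeps the table across
# rule reloads. Addresses can be added or removed at run time with pfctl:
#   pfctl -t udp_abusers -T add 192.0.2.10     (address is a made-up example)
#   pfctl -t udp_abusers -T expire 3600        (drop entries older than 1 hour)
table <udp_abusers> persist

# Keep UDP state entries short-lived and cap the state table so a flood
# cannot exhaust kernel memory with thousands of one-packet "sessions".
set timeout { udp.first 20, udp.single 10, udp.multiple 30 }
set limit states 10000

# Default deny inbound on the external interface (same as the poster's rule).
block in on $ext_if

# Discard packets from known abusers first, with "quick" so no further rules
# are evaluated, and without "log": logging every packet of a flood is itself
# work the box cannot afford.
block in quick on $ext_if proto udp from <udp_abusers> to $ext_if

# Only the UDP services actually offered get through, and each source may hold
# at most 20 concurrent state entries against this rule; further packets from
# a source at that limit are dropped without creating state.
pass in on $ext_if proto udp from any to $ext_if port { domain, ntp } \
    keep state (max-src-states 20)

# On OpenBSD releases that support it, the rate of packets matched per state
# can also be capped; here 100 packets in 10 seconds (assumed numbers).
# Omit this rule on releases where pfctl -nf rejects the option.
pass in on $ext_if proto udp from any to $ext_if port domain \
    keep state (max-src-states 20, max-pkt-rate 100/10)
```

Two caveats a practitioner should keep in mind. First, anything filtered on $ext_if has already crossed the upstream link; if the flood saturates that link, PF can protect the host but cannot restore the bandwidth, and only filtering further upstream (at the ISP) helps. Second, an altq queue shapes traffic the firewall sends, not traffic it receives, which is why a 1% queue does nothing against an inbound flood.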