[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Andy Wodfer <wodfer at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Newbie needs basic help with reject rules
 Date:  Wed, 25 May 2011 03:48:40 -0400
On Wed, May 25, 2011 at 3:40 AM, Andy Wodfer <wodfer at gmail dot com> wrote:
> Hi,
> I have my first m0n0wall installation up and running and it looks very good.
>
> I have set up things as following:
>
> wan (external ip)
>
> lan 10.0.0.1/24
>
> I have a webserver on the lan at IP 10.0.0.10. I have set up NAT. The server
> is being DDOS'ed by a few IP addresses on port 80 and I wan't to reject
> these IP adresses and all ports (source+dest).
>
> I'm a little confused about whether putting these reject rules on the WAN or
> LAN? I thought WAN was the correct place, but I still see traffic coming
> through. Any ideas?
>

If it's sourced from the Internet, rule goes on WAN. But don't use a
reject rule against a DOS of any type, use block. Reject will
exacerbate the issue as it'll cause the firewall to send back a
connection refused message for every packet.