On Wed, May 25, 2011 at 3:40 AM, Andy Wodfer <wodfer at gmail dot com> wrote:
> I have my first m0n0wall installation up and running and it looks very good.
> I have set up things as follows:
> wan (external ip)
> lan 10.0.0.1/24
> I have a webserver on the lan at IP 10.0.0.10. I have set up NAT. The server
> is being DDOS'ed by a few IP addresses on port 80 and I want to reject
> these IP addresses and all ports (source+dest).
> I'm a little confused about whether putting these reject rules on the WAN or
> LAN? I thought WAN was the correct place, but I still see traffic coming
> through. Any ideas?
If it's sourced from the Internet, rule goes on WAN. But don't use a
reject rule against a DOS of any type, use block. Reject will
exacerbate the issue as it'll cause the firewall to send back a
connection refused message for every packet.
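To make the two points of the reply concrete (rules bind to the interface a packet arrives on, and reject answers every dropped packet while block stays silent), here is a small added model of an interface-bound packet filter. It is illustration code, not m0n0wall's own filter; addresses are constructed from documentation ranges and the rule fields are assumed, not m0n0wall's syntax.

```python
"""Toy interface-bound packet filter (added example, not m0n0wall code).
A rule only sees packets entering on its own interface, so a rule placed on
LAN never matches a flood arriving on WAN. 'reject' sends one reply (TCP RST
or ICMP port-unreachable) per dropped packet; 'block' sends nothing."""
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on: "wan" or "lan"
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    iface: str   # interface the rule is attached to (assumed field)
    src: str     # source address or "any"
    action: str  # "block" (silent drop) or "reject" (drop + reply)

def apply_rules(rules: List[Rule], pkt: Packet) -> Tuple[str, List[str]]:
    """Return (verdict, replies the firewall itself would emit)."""
    for r in rules:
        if r.iface != pkt.iface or r.src not in ("any", pkt.src):
            continue  # wrong interface or non-matching source: next rule
        if r.action == "block":
            return "block", []
        reply = "tcp-rst" if pkt.proto == "tcp" else "icmp-port-unreach"
        return "reject", [f"{reply} {pkt.dst}->{pkt.src}"]
    return "pass", []

def summarize(rules: List[Rule], packets: List[Packet]) -> dict:
    """Verdict counts plus the number of packets the firewall sends back."""
    out = {"pass": 0, "block": 0, "reject": 0, "replies": 0}
    for p in packets:
        verdict, replies = apply_rules(rules, p)
        out[verdict] += 1
        out["replies"] += len(replies)  # extra egress load caused by reject
    return out

def make_flood(n: int, src: str = "203.0.113.7") -> List[Packet]:
    """Constructed sample: n TCP/80 packets from one source entering on WAN."""
    return [Packet("wan", "tcp", src, "10.0.0.10", 80) for _ in range(n)]

LAN_RULES  = [Rule("lan", "203.0.113.7", "block")]   # misplaced: never matches
WAN_REJECT = [Rule("wan", "203.0.113.7", "reject")]  # one reply per packet
WAN_BLOCK  = [Rule("wan", "203.0.113.7", "block")]   # silent drop
```

Running `summarize` over `make_flood(1000)` shows the misplaced LAN rule passing everything, the WAN reject rule generating 1000 return packets, and the WAN block rule dropping all 1000 with no replies.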