I had to make some minor syntax changes to enter the filter
listed and I have a question on making it active.
On Wed, 25 Sep 1996, Dave Andersen wrote:
> There is no good filter example to prevent SYN flooding attacks from
> hitting your site, but there's definitely a good filter to prevent them
> from COMING from your site.
>
> To prevent them from coming from you:
>
> Assume portmaster is assigning 128.0.0.1 - 128.0.0.30
>
> add filter nosyn.in
> set filter nosyn.in permit 128.0.0.1/27 0.0.0.0/0
should be: set filter nosyn.in 1 permit 128.0.0.1/27 0.0.0.0/0
> set filter nosyn.in deny 0.0.0.0/0 0.0.0.0/0 log
should be: set filter nosyn.in 2 deny 0.0.0.0/0 0.0.0.0/0 log
then : save filter
To view : show table filter all
To list : show filter nosyn.in
> This prevents your portmaster from allowing people to use addresses
> other than those that the portmaster is assigning.
Question: How do I activate this filter for all the ports?
set all ifilter nosyn.in
or
set all ofilter nosyn.in
Thanks!
Bill Martin
Honolulu, HI