FreeBSD DDoS protection

Janne Snabb snabb at epipe.com
Sun Feb 10 12:48:59 UTC 2013


On 2013-02-10 03:57, khatfield at socllc.net wrote:
> Deny all ICMP (drop I mean) and UDP except where specifically required.

Please do not drop all ICMP unless you understand what you are doing. By
doing that you are creating a path MTU discovery blackhole.

See for example the following sites for more information:

http://www.phildev.net/mss/
https://supportforums.cisco.com/docs/DOC-5839
http://www.cymru.com/Documents/icmp-messages.html
http://packetlife.net/blog/2008/oct/09/disabling-unreachables-breaks-pmtud/

-- 
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/
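
The blackhole described in the message above, as an added example that is not part of the original post: a toy Python model of path MTU discovery (RFC 1191) in which the sender's firewall either drops every ICMP message or passes only type 3 code 4 ("fragmentation needed and DF set"). The hop MTUs, function names and retry limit are constructed for illustration.

```python
# Toy model of path MTU discovery behind an ICMP filter (constructed example).
ICMP_UNREACH, CODE_NEEDFRAG = 3, 4   # "fragmentation needed and DF set"

def drop_all_icmp(icmp_type, code):
    """The 'deny all ICMP' policy: nothing gets through."""
    return False

def allow_pmtud(icmp_type, code):
    """Pass only the message PMTUD depends on; all other ICMP is still dropped."""
    return (icmp_type, code) == (ICMP_UNREACH, CODE_NEEDFRAG)

def send_df_packet(size, hop_mtus):
    """Send one packet with DF set. Returns None if it reaches the far end,
    else the ICMP error (type, code, next_hop_mtu) from the first hop that
    cannot forward it without fragmenting."""
    for mtu in hop_mtus:
        if size > mtu:
            return (ICMP_UNREACH, CODE_NEEDFRAG, mtu)
    return None

def transfer(hop_mtus, icmp_filter, local_mtu=1500, max_tries=8):
    """Sender keeps pushing full-size DF packets.
    Returns (delivered, path_mtu_in_use, attempts)."""
    pmtu = local_mtu
    for attempt in range(1, max_tries + 1):
        err = send_df_packet(pmtu, hop_mtus)
        if err is None:
            return True, pmtu, attempt
        icmp_type, code, next_hop_mtu = err
        if icmp_filter(icmp_type, code):
            pmtu = next_hop_mtu   # sender learns the smaller path MTU
        # Otherwise the firewall ate the error: the sender sees only a
        # timeout and retransmits the same oversized packet.
    return False, pmtu, max_tries

PATH = [1500, 1492, 1400, 1500]   # constructed hop MTUs along the route

if __name__ == "__main__":
    for name, policy in (("drop all ICMP", drop_all_icmp),
                         ("allow needfrag", allow_pmtud)):
        print(name, "full-size:", transfer(PATH, policy))
    # Small packets fit every hop, so a quick connectivity check still
    # succeeds while bulk transfers hang.
    print("drop all ICMP, 576-byte packets:",
          transfer(PATH, drop_all_icmp, local_mtu=576))
```

With everything dropped the sender never learns a smaller MTU and full-size packets are lost on every retry, while small packets still get through, which is why the fault tends to show up only as stalled bulk transfers.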


More information about the freebsd-isp mailing list