diff options
author | FlavioJS <FlavioJS@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2007-01-12 13:51:38 +0000 |
---|---|---|
committer | FlavioJS <FlavioJS@54d463be-8e91-2dee-dedb-b68131a5f0ec> | 2007-01-12 13:51:38 +0000 |
commit | a56e294fa87d663ca67bdb1002d2b75c10e64c78 (patch) | |
tree | 648dbf75eb4017aef75cf73aee3cbc3a207b6970 /conf-tmpl/packet_athena.conf | |
parent | 9b1082f4075d45f6d484d856d49013b6eb1e515a (diff) | |
download | hercules-a56e294fa87d663ca67bdb1002d2b75c10e64c78.tar.gz hercules-a56e294fa87d663ca67bdb1002d2b75c10e64c78.tar.bz2 hercules-a56e294fa87d663ca67bdb1002d2b75c10e64c78.tar.xz hercules-a56e294fa87d663ca67bdb1002d2b75c10e64c78.zip |
- Cleaned up the ip rules/DDoS section of the code. (the allow,deny and deny,allow cases were switched)
- Updated the information about ip rules and DDoS protection in packet_athena.conf and commented out the line "allow: all" so connections are rejected when a DDoS is detected.
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@9647 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'conf-tmpl/packet_athena.conf')
-rw-r--r-- | conf-tmpl/packet_athena.conf | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/conf-tmpl/packet_athena.conf b/conf-tmpl/packet_athena.conf index d654a0e35..22d44c1d1 100644 --- a/conf-tmpl/packet_athena.conf +++ b/conf-tmpl/packet_athena.conf @@ -17,40 +17,47 @@ mode_neg: yes //----- IP Rules Settings ----- -// Do we check IP's before allowing incoming connections? +// If IP's are checked when connecting. +// This also enables DDoS protection. enable_ip_rules: yes -// Decide the order of access restriction (Same as apache?) -// deny,allow Is the standard +// Order of the checks +// deny,allow : Checks deny rules, then allow rules. Allows if no rules match. +// allow,deny : Checks allow rules, then deny rules. Allows if no rules match. +// mutual-failure : Allows only if an allow rule matches and no deny rules match. +// (default is deny,allow) order: deny,allow // order: allow,deny // order: mutual-failture -// The IP list which it uses to access controls -// allow : Allows access regardless of permissions -// deny : Completely disallow -// Žw’è–³‚µ : If the permission check encounters mutual-failure(whatever that means) it will disallow access +// IP rules +// allow : Accepts connections from the ip range (even if flagged as DDoS) +// deny : Rejects connections from the ip range +// The rules are processed in order, the first matching rule of each list (allow and deny) is used // allow: 127.0.0.1 // allow: 192.168.0.0/16 // allow: 10.0.0.0/255.0.0.0 -allow: all +// allow: all // deny: 127.0.0.1 -//---- Ddos Protection Settings ---- -// If there is a connection request within ddos_interval msec for ddos_count number of times, it will assume it is a ddos attack +//---- DDoS Protection Settings ---- +// If ddos_count connection request are made within ddos_interval msec, it assumes it's a DDoS attack -// Consecutive intervals(msec) +// Consecutive attempts interval (msec) +// (default is 3000 msecs, 3 seconds) ddos_interval: 3000 -// Connection frequency +// Consecutive attempts trigger +// (default is 10 attemps) ddos_count: 5 -// The time interval after which the threat of ddos is assumed to be gone -// After this amount of time, the ddos restrictions are lifted. +// The time interval after which the threat of DDoS is assumed to be gone. (msec) +// After this amount of time, the DDoS restrictions are lifted. +// (default is 600000 msecs, 10 minutes) ddos_autoreset: 600000 |