Diffstat (limited to 'conf-tmpl')
-rw-r--r-- | conf-tmpl/Changelog.txt | 4 | ||||
-rw-r--r-- | conf-tmpl/packet_athena.conf | 35 |
2 files changed, 25 insertions, 14 deletions
diff --git a/conf-tmpl/Changelog.txt b/conf-tmpl/Changelog.txt
index fc194dca4..a78ae35fd 100644
--- a/conf-tmpl/Changelog.txt
+++ b/conf-tmpl/Changelog.txt
@@ -1,5 +1,9 @@ Date Added
+2007/01/12
+ * Updated the information about ip rules and DDoS protection in
+ packet_athena.conf and commented out the line "allow: all" so
+ connections are rejected when a DDoS is detected. [FlavioJS] 2007/01/08 * Added the console plugin to plugin_athena.conf commented out. [FlavioJS] 2007/01/05
diff --git a/conf-tmpl/packet_athena.conf b/conf-tmpl/packet_athena.conf
index d654a0e35..22d44c1d1 100644
--- a/conf-tmpl/packet_athena.conf
+++ b/conf-tmpl/packet_athena.conf
@@ -17,40 +17,47 @@ mode_neg: yes //----- IP Rules Settings -----
-// Do we check IP's before allowing incoming connections?
+// If IP's are checked when connecting.
+// This also enables DDoS protection. enable_ip_rules: yes
-// Decide the order of access restriction (Same as apache?)
-// deny,allow Is the standard
+// Order of the checks
+// deny,allow : Checks deny rules, then allow rules. Allows if no rules match.
+// allow,deny : Checks allow rules, then deny rules. Allows if no rules match.
+// mutual-failure : Allows only if an allow rule matches and no deny rules match.
+// (default is deny,allow) order: deny,allow // order: allow,deny // order: mutual-failture
-// The IP list which it uses to access controls
-// allow : Allows access regardless of permissions
-// deny : Completely disallow
-// Žw’è–³‚µ : If the permission check encounters mutual-failure(whatever that means) it will disallow access
+// IP rules
+// allow : Accepts connections from the ip range (even if flagged as DDoS)
+// deny : Rejects connections from the ip range
+// The rules are processed in order, the first matching rule of each list (allow and deny) is used // allow: 127.0.0.1 // allow: 192.168.0.0/16 // allow: 10.0.0.0/255.0.0.0
-allow: all
+// allow: all // deny: 127.0.0.1
-//---- Ddos Protection Settings ----
-// If there is a connection request within ddos_interval msec for ddos_count number of times, it will assume it is a ddos attack
+//---- DDoS Protection Settings ----
+// If ddos_count connection request are made within ddos_interval msec, it assumes it's a DDoS attack
-// Consecutive intervals(msec)
+// Consecutive attempts interval (msec)
+// (default is 3000 msecs, 3 seconds) ddos_interval: 3000
-// Connection frequency
+// Consecutive attempts trigger
+// (default is 10 attemps) ddos_count: 5
-// The time interval after which the threat of ddos is assumed to be gone
-// After this amount of time, the ddos restrictions are lifted.
+// The time interval after which the threat of DDoS is assumed to be gone. (msec)
+// After this amount of time, the DDoS restrictions are lifted.
+// (default is 600000 msecs, 10 minutes) ddos_autoreset: 600000 |
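Review bot: The new ddos_count comment says `// (default is 10 attemps)` while the template itself sets `ddos_count: 5` on the next line, so a reader cannot tell which number is the built-in default and which is the template override; make it explicit and fix the spelling, e.g. `// Consecutive attempts trigger (built-in default is 10 attempts; this template lowers it to 5)`. In the same hunk `connection request are made` should read `connection requests are made`, and the untouched `// order: mutual-failture` example still misspells the value that the new comment block documents as `mutual-failure`. Because the new allow-rule comment states that an allow entry accepts a connection even when it is flagged as DDoS, the commented `allow:` examples deserve a one-line warning that uncommenting a broad range such as `192.168.0.0/16` exempts every host in it from the DDoS check, exactly as `allow: all` did before this commit. Whether the ddos_count/ddos_interval window is counted per source address is not visible here; if it is, 5 attempts in 3 seconds followed by a 10-minute lockout can shut out a whole shared NAT address, which is worth a caveat next to ddos_autoreset.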