Anti DDOS - Firewall Advanced Settings

Started by opnsenseuser, August 07, 2022, 06:41:57 PM

August 07, 2022, 06:41:57 PM Last Edit: August 07, 2022, 08:44:53 PM by opnsenseuser
1. What is the difference between the 3 setting options of Anti DDOS?
2. Can someone explain when it makes sense to activate Anti DDOS or what should be considered when activating it?
3. Is there a documentary about it?
4. Is there a log?

thx
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

As far as I know it's all based around the usage of the state table, if there is a DDOS attack your state table would start to fill up with waiting connections. See this previous link with some explanation to each setting: https://forum.opnsense.org/index.php?topic=28579.0

I have mine set to adaptive with the default values. FYI, I noticed a while back that if you set syncookies to always, the Zenarmor console would fail to load. I reported that to the Zenarmor team but don't know if they ever created a workaround for that issue.
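As an added example, not code from any poster in this thread: a small POSIX shell check for the state-table behaviour described above. It reads the "current entries" figure from `pfctl -s info` and the states hard limit from `pfctl -s memory` (field layout assumed from FreeBSD pf output) and reports how full the table is; the sample output and the 60% warning threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: estimate pf state-table utilisation from pfctl output.
# The two command outputs below are CONSTRUCTED samples so the script runs
# offline; on a live firewall pass "$(pfctl -s info)" and "$(pfctl -s memory)".

SAMPLE_INFO='Status: Enabled for 3 days 02:11:40           Debug: Urgent

State Table                          Total             Rate
  current entries                    84213
  searches                       123456789         456.8/s
  inserts                          9876543          36.5/s
  removals                         9792330          36.2/s'

SAMPLE_MEMORY='states        hard limit   100000
src-nodes     hard limit   100000
frags         hard limit     5000
table-entries hard limit   200000'

# state_util INFO MEMORY
# Prints the integer percentage of the states hard limit currently in use.
# Returns 1 if either figure cannot be parsed (assumed field positions).
state_util() {
    cur=$(printf '%s\n' "$1" | awk '/current entries/ {print $3}')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" {print $4}')
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 1
    echo $(( cur * 100 / lim ))
}

# state_status PCT THRESHOLD
# "warn" when utilisation is at or above THRESHOLD, otherwise "ok".
state_status() {
    if [ "$1" -ge "$2" ]; then echo warn; else echo ok; fi
}

# Assumed threshold: 60% is an arbitrary choice, not a pf or OPNsense default.
pct=$(state_util "$SAMPLE_INFO" "$SAMPLE_MEMORY")
echo "state table ${pct}% used: $(state_status "$pct" 60)"
```

A table that stays flat while a service is still being knocked over points at the application-layer case raised later in the thread rather than at state exhaustion.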

Problem is that it doesn't help with DDoS.

You can easily make a L7 Denial of Service without the state table filling up in the FW.

Thank you both for the information.
I don't think I use it. Seems to be more of a problem, at least in terms of compatibility and performance and purpose, than useful.

Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

Suricata detects DDoS as well and can handle them quite well running inline.

Issue with that is that the logs can't be written fast enough and it kills the FW quite fast.

Disable Suricata and it can handle DDoS quite well or disable logging written to the FW log.