vyos-1x.git/interface-definitions/include/firewall/action-forward.xml.i, branch mergify/bp/circinus/pr-3989
VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
https://git.amelek.net/vyos/vyos-1x.git/atom?h=mergify%2Fbp%2Fcircinus%2Fpr-3989
2023-09-21T12:30:39+00:00
T5217: Add firewall synproxy
2023-09-21T12:30:39+00:00
Viacheslav Hletenko
v.gletenko@vyos.io
2023-09-20T11:46:42+00:00
urn:sha1:bdad4e046872e054ec7783b2f04b73a8a690a045
Add ability to SYNPROXY connections
It is useful to protect against TCP SYN flood attacks and port-scanners
set firewall global-options syn-cookies 'enable'
set firewall ipv4 input filter rule 10 action 'synproxy'
set firewall ipv4 input filter rule 10 destination port '22'
set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1'
set firewall ipv4 input filter rule 10 protocol 'tcp'
set firewall ipv4 input filter rule 10 synproxy tcp mss '1460'
set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7'
firewall: T4502: Update to flowtable CLI
2023-09-19T11:08:20+00:00
sarthurdev
965089+sarthurdev@users.noreply.github.com
2023-09-15T16:31:17+00:00
urn:sha1:41133869c50cd691735a141722dbca72827191e5
`set firewall flowtable <name> interface <ifname>`
`set firewall flowtable <name> offload [software|hardware]`
`set firewall [ipv4|ipv6] forward filter rule N action offload`
`set firewall [ipv4|ipv6] forward filter rule N offload-target <name>`