authorViacheslav Hletenko <v.gletenko@vyos.io>2023-09-20 11:46:42 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-09-21 12:30:39 +0000
commitbdad4e046872e054ec7783b2f04b73a8a690a045 (patch)
tree43a0c14ba06ed9ef6fa22b0150b686bd0f14621f /interface-definitions/include/firewall/action-forward.xml.i
parentb52cf1b7b3bc138b26eb21f917967748c40f9d3a (diff)
T5217: Add firewall synproxy
Add the ability to SYNPROXY connections.
It is useful for protecting against TCP SYN flood attacks and port scanners.

set firewall global-options syn-cookies 'enable'
set firewall ipv4 input filter rule 10 action 'synproxy'
set firewall ipv4 input filter rule 10 destination port '22'
set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1'
set firewall ipv4 input filter rule 10 protocol 'tcp'
set firewall ipv4 input filter rule 10 synproxy tcp mss '1460'
set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7'
Diffstat (limited to 'interface-definitions/include/firewall/action-forward.xml.i')
-rw-r--r--interface-definitions/include/firewall/action-forward.xml.i8
1 files changed, 6 insertions, 2 deletions
diff --git a/interface-definitions/include/firewall/action-forward.xml.i b/interface-definitions/include/firewall/action-forward.xml.i
index f61e51887..4e59f3c6f 100644
--- a/interface-definitions/include/firewall/action-forward.xml.i
+++ b/interface-definitions/include/firewall/action-forward.xml.i
@@ -3,7 +3,7 @@
<properties>
<help>Rule action</help>
<completionHelp>
- <list>accept continue jump reject return drop queue offload</list>
+ <list>accept continue jump reject return drop queue offload synproxy</list>
</completionHelp>
<valueHelp>
<format>accept</format>
@@ -37,8 +37,12 @@
<format>offload</format>
<description>Offload packet via flowtable</description>
</valueHelp>
+ <valueHelp>
+ <format>synproxy</format>
+ <description>Synproxy connections</description>
+ </valueHelp>
<constraint>
- <regex>(accept|continue|jump|reject|return|drop|queue|offload)</regex>
+ <regex>(accept|continue|jump|reject|return|drop|queue|offload|synproxy)</regex>
</constraint>
</properties>
</leafNode>
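Review bot: The added `<valueHelp>` for `synproxy` says only `Synproxy connections`, which does not tell an operator that the action applies to TCP rules only. The commit message example pairs it with `protocol 'tcp'`, `global-options syn-cookies 'enable'` and the `synproxy tcp mss` / `window-scale` options, so something like `<description>Proxy the TCP handshake (SYN flood protection, TCP rules only)</description>` would be clearer. The `<regex>` constraint only checks the action keyword, so a `synproxy` rule with no TCP protocol or no synproxy options passes the schema. The check that rejects such a rule at commit time presumably lives in the firewall config script, which this file-limited diff does not show, and is worth confirming. The enclosing `<leafNode>` starts outside the hunk.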