search

gamemann / XDP-Firewall

A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
https://deaconn.net/
MIT License
558 stars 92 forks source link

filter doesnt work #14

Closed JohansonIceBerg closed 2 years ago

JohansonIceBerg commented 2 years ago

HEY!

sorry to bother you but the PPS filtering doesnt work or does not work properly. The strictest but most effective PPS limit which is 2500 does not filter anything, but in fact lets more traffic through then even block. with my following configuration:

interface = "eno1"; updatetime = 15; filters = (

{
    enabled = true,
    action = 0,
    pps = 2500,
    bps = 500,
    blocktime = 1000
}

);

it does not even block anything.

Can you please help me understand why its not doing what its meant to do if its meant to help filter.

thank you.

-Johanson

gamemann commented 2 years ago

Hey, I apologize for the really late reply! A lot has been going on in my life recently.

Can you confirm the XDP program is loaded via the ip a or ip link commands?

Thank you!

JohansonIceBerg commented 2 years ago

Yes it is loaded

gamemann commented 2 years ago

When testing the rate-limiting, do you use the same source IP/port or different combinations?