
T5217: Add firewall synproxy

This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

T5217: Add firewall synproxy

Add ability to SYNPROXY connections
It is useful to protect against TCP SYN flood attacks and port-scanners

set firewall global-options syn-cookies 'enable'
set firewall ipv4 input filter rule 10 action 'synproxy'
set firewall ipv4 input filter rule 10 destination port '22'
set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1'
set firewall ipv4 input filter rule 10 protocol 'tcp'
set firewall ipv4 input filter rule 10 synproxy tcp mss '1460'
set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7'

(cherry picked from commit bdad4e046872e054ec7783b2f04b73a8a690a045)

Conflicts:
  interface-definitions/include/firewall/action-forward.xml.i
  interface-definitions/include/firewall/action.xml.i
  python/vyos/firewall.py
  src/conf_mode/firewall.py

Details

Provenance
Viacheslav authored on Sep 20 2023, 11:46 AM
Mergify committed on Sep 28 2023, 3:03 PM
Parents
rVYOSONEX7c2a0e781e23: Merge pull request #2317 from vyos/mergify/bp/sagitta/pr-2305

Event Timeline

Mergify <37929162+mergify[bot]@users.noreply.github.com> committed rVYOSONEX1476dd6f90e0: T5217: Add firewall synproxy (authored by Viacheslav). Sep 28 2023, 3:03 PM