Which rule should be triggered first CT_LIMIT/CONNLIMIT/PORTFLOOD?

Post by RoldanLT »

In what order will CSF be triggered if I have this config set:

CT_LIMIT = "100"
CT_INTERVAL = "10"
CT_SKIP_TIME_WAIT = "1"
CT_PORTS = "80,443"

SYNFLOOD = "1"

CONNLIMIT = "443;100,80;50"

PORTFLOOD = "443;tcp;20;3,80;tcp;20;3"

I also observe that after adding the CONNLIMIT and PORTFLOOD rules for ports 443/80, CT_LIMIT doesn't work/block abusive IPs anymore.

Re: Which rule should be triggered first CT_LIMIT/CONNLIMIT/PORTFLOOD?

Post by RoldanLT »

When combined and both enabled, what are the suggested values for CT_LIMIT & CONNLIMIT?
Which one should be higher?

CT_LIMIT seems to stop blocking IPs with both enabled.