RE: iptables

On Fri, 22 Jun 2001, Anders Gjare wrote:

> the main reason for the firewall/router is to have the ability to block
> specified ip/ip-classes.
> we have a problem of being ddos'ed, and with a firewall like this we
> could block the traffic before it enters our network at the office.

You will block it before it enters your network, but not before it
saturates the line from your ISP.

That cannot be done at your end, and has to be done at your ISP's side.

> i don't think bridge would work so well, at least not later when we
> upgrade the box.
> currently there are 5 100mbit NICs, and later there will be 1 1gbps and 4
> 100mbit NICs.

Are those NICs in separate subnets?

> so there must be a solution that accepts the ip-class from the inside
> network, and route it through the firewall.

If it is a bridge, then you can (and should) have a separate router. If
you want the box to also do routing, then it should probably not be a

Tzafrir Cohen
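As an added illustration of the kind of ruleset the thread is about (this is example code written for this page, not something posted by Anders or Tzafrir): a small POSIX sh script that turns a blocklist of source networks into iptables DROP rules for a Linux box routing between its NICs. It assumes a blocklist file with one CIDR per line and '#' comments, a router with ip_forward enabled so transit traffic crosses the FORWARD chain, and hypothetical interface names (eth1 facing the office LAN); none of these are given on the page. The sample addresses are RFC 5737 documentation ranges, constructed for the example. The drops are emitted before the ESTABLISHED,RELATED accept so that an already-open flow from a listed network is cut off too. The caveat from the reply still applies: these rules drop packets on the router, after they have crossed the ISP link, so they protect the LAN but not the line's bandwidth.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates an iptables
# ruleset for a Linux router from a blocklist of source networks.
# Assumptions (not stated on the page): one CIDR per line with '#'
# comments, net.ipv4.ip_forward=1, and eth1 as the office-LAN interface.

# Default policies: nothing passes unless a rule accepts it.
policy_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
EOF
}

# Rules that let legitimate traffic through; placed AFTER the blocklist
# drops so a listed network cannot ride an established connection.
accept_rules() {
    cat <<'EOF'
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
EOF
}

# Emit one DROP rule per network read from stdin. $1 is the chain:
# FORWARD stops transit traffic towards the LAN, INPUT protects the
# router itself. Blank lines and '#' comments are skipped.
block_rules() {
    chain="$1"
    while IFS= read -r line || [ -n "$line" ]; do
        net=${line%%#*}                                   # strip comment
        net=$(printf '%s' "$net" | tr -d '[:space:]')     # strip whitespace
        [ -n "$net" ] || continue
        printf 'iptables -A %s -s %s -j DROP\n' "$chain" "$net"
    done
}

# Constructed sample blocklist (RFC 5737 documentation ranges, not real
# attacker addresses).
SAMPLE_BLOCKLIST='# networks seen flooding the office link
198.51.100.0/24
203.0.113.0/24   # one /24 from the last flood
'

# Complete ruleset, in the order it must be applied: policies, blocklist
# drops on both chains, then the accepts. Pipe the output to sh as root
# to apply it; run as-is for a dry run.
full_ruleset() {
    policy_rules
    printf '%s' "$SAMPLE_BLOCKLIST" | block_rules INPUT
    printf '%s' "$SAMPLE_BLOCKLIST" | block_rules FORWARD
    accept_rules
}

full_ruleset
```

To use a real file instead of the constructed sample, replace the two printf lines with `block_rules INPUT < /path/to/blocklist` and the same for FORWARD.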

