PacketShield example

In the following example, we show how to set up PacketShield to:

  • Enable PacketShield on the interface eth8

  • Configure a default ruleset which:

      • Allows the ICMP and VRRP protocols

      • Enables protection on TCP ports 80 and 443 for services load-balanced by the ALOHA itself

      • Enables protection on TCP ports 25, 110, 143, 993 and 995 for services routed through the ALOHA

      • Whitelists traffic coming from 10.0.0.0/24

  • Protect the VIP 192.168.0.1 for FTP passive traffic, with data ports from 50000 to 60000, for an FTP service routed through the ALOHA

Using the GUI

instances mydemo
mydemo/ifaces eth8
mydemo/drop_empty_ack 100
mydemo/Other/new_cookie_threshold 10000-5000
mydemo/Other/unmatch_drop_threshold 10000-5000
mydemo/Other/unknown_ttlfilter_threshold 10000-5000
mydemo/Other/w_protocols 1
mydemo/Other/w_protocols 112
mydemo/Other/w_source 10.0.0.0-255
mydemo/Other/p_tcp_ports 80
mydemo/Other/p_tcp_ports 443
mydemo/Other/x_tcp_ports 25
mydemo/Other/x_tcp_ports 110
mydemo/Other/x_tcp_ports 143
mydemo/Other/x_tcp_ports 993
mydemo/Other/x_tcp_ports 995
mydemo/contexts 192.168.0.1
mydemo/192.168.0.1/new_cookie_threshold 10000-5000
mydemo/192.168.0.1/unmatch_drop_threshold 10000-5000
mydemo/192.168.0.1/unknown_ttlfilter_threshold 10000-5000
mydemo/192.168.0.1/x_tcp_ports 21
mydemo/192.168.0.1/x_tcp_ports 50000-60000

Using the CLI / sysfs

echo +mydemo >/sys/packetshield/instances
echo +eth8 >/sys/packetshield/mydemo/ifaces
echo 100 >/sys/packetshield/mydemo/Other/drop_empty_ack
echo 10000-5000 >/sys/packetshield/mydemo/Other/new_cookie_threshold
echo 10000-5000 >/sys/packetshield/mydemo/Other/unmatch_drop_threshold
echo 10000-5000 >/sys/packetshield/mydemo/Other/unknown_ttlfilter_threshold
echo +1 >/sys/packetshield/mydemo/Other/w_protocols
echo +112 >/sys/packetshield/mydemo/Other/w_protocols
echo +10.0.0.0-255 >/sys/packetshield/mydemo/Other/w_sources
echo +80 >/sys/packetshield/mydemo/Other/p_tcp_ports
echo +443 >/sys/packetshield/mydemo/Other/p_tcp_ports
echo +25 >/sys/packetshield/mydemo/Other/x_tcp_ports
echo +110 >/sys/packetshield/mydemo/Other/x_tcp_ports
echo +143 >/sys/packetshield/mydemo/Other/x_tcp_ports
echo +993 >/sys/packetshield/mydemo/Other/x_tcp_ports
echo +995 >/sys/packetshield/mydemo/Other/x_tcp_ports
echo +192.168.0.1 >/sys/packetshield/mydemo/contexts
echo 10000-5000 >/sys/packetshield/mydemo/192.168.0.1/new_cookie_threshold
echo 10000-5000 >/sys/packetshield/mydemo/192.168.0.1/unmatch_drop_threshold
echo 10000-5000 >/sys/packetshield/mydemo/192.168.0.1/unknown_ttlfilter_threshold
echo +21 >/sys/packetshield/mydemo/192.168.0.1/x_tcp_ports
echo +50000-60000 >/sys/packetshield/mydemo/192.168.0.1/x_tcp_ports
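The GUI listing and the sysfs listing above describe the same configuration in two notations. The script below, an added example that is not part of the ALOHA documentation, translates the GUI-style "path value" lines into the equivalent sysfs write commands and validates the TCP port specifications on the way, so the generated commands can be reviewed before they are applied. Everything it assumes is taken from the two listings: set-valued keys (instances, ifaces, contexts, w_protocols, w_sources, p_tcp_ports, x_tcp_ports) receive a "+" prefix to add an entry, scalar keys (the thresholds, drop_empty_ack) are written as given, the GUI spelling w_source maps to the sysfs file w_sources, and /sys/packetshield is the sysfs root. Note that the two listings on the page place drop_empty_ack at different paths (mydemo/drop_empty_ack versus mydemo/Other/drop_empty_ack); the translator reproduces whatever path it is given, so compare its output against the sysfs listing before running it.

```python
"""Translate a PacketShield GUI-style listing into sysfs write commands.

Added example, not code from the ALOHA documentation. The key classes,
the w_source -> w_sources alias and the sysfs root are assumptions
derived from the two listings on the page.
"""
import re

SYSFS_ROOT = "/sys/packetshield"  # assumption: root used by the page's CLI listing

# Keys whose sysfs file holds a set of entries; "+<value>" adds one entry.
SET_KEYS = {"instances", "ifaces", "contexts", "w_protocols", "w_sources",
            "p_tcp_ports", "x_tcp_ports"}

# The GUI listing spells the source whitelist "w_source"; sysfs uses "w_sources"
# (assumption taken from the page's CLI listing).
KEY_ALIASES = {"w_source": "w_sources"}

PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def check_port_spec(value):
    """Validate a TCP port ('443') or inclusive port range ('50000-60000').

    Returns (low, high); raises ValueError for malformed or out-of-range specs.
    """
    m = PORT_RE.match(value)
    if not m:
        raise ValueError(f"bad port spec: {value!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not (1 <= low <= high <= 65535):
        raise ValueError(f"port out of range: {value!r}")
    return low, high


def translate_line(line):
    """Return the sysfs echo command for one 'path value' line (None for blanks)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    path, value = line.split(None, 1)
    parts = path.split("/")
    key = KEY_ALIASES.get(parts[-1], parts[-1])
    parts[-1] = key
    if key.endswith("tcp_ports"):
        check_port_spec(value)            # reject typos before they reach sysfs
    prefix = "+" if key in SET_KEYS else ""
    return f"echo {prefix}{value} >{SYSFS_ROOT}/{'/'.join(parts)}"


def translate(listing):
    """Translate a whole listing; returns the list of shell commands in order."""
    return [cmd for cmd in (translate_line(l) for l in listing.splitlines()) if cmd]


# Constructed input: the GUI listing from the page, verbatim.
GUI_LISTING = """\
instances mydemo
mydemo/ifaces eth8
mydemo/drop_empty_ack 100
mydemo/Other/new_cookie_threshold 10000-5000
mydemo/Other/unmatch_drop_threshold 10000-5000
mydemo/Other/unknown_ttlfilter_threshold 10000-5000
mydemo/Other/w_protocols 1
mydemo/Other/w_protocols 112
mydemo/Other/w_source 10.0.0.0-255
mydemo/Other/p_tcp_ports 80
mydemo/Other/p_tcp_ports 443
mydemo/Other/x_tcp_ports 25
mydemo/Other/x_tcp_ports 110
mydemo/Other/x_tcp_ports 143
mydemo/Other/x_tcp_ports 993
mydemo/Other/x_tcp_ports 995
mydemo/contexts 192.168.0.1
mydemo/192.168.0.1/new_cookie_threshold 10000-5000
mydemo/192.168.0.1/unmatch_drop_threshold 10000-5000
mydemo/192.168.0.1/unknown_ttlfilter_threshold 10000-5000
mydemo/192.168.0.1/x_tcp_ports 21
mydemo/192.168.0.1/x_tcp_ports 50000-60000
"""

if __name__ == "__main__":
    for cmd in translate(GUI_LISTING):
        print(cmd)
```

Run it and diff the printed commands against the "Using the CLI / sysfs" listing; the only expected difference is the drop_empty_ack path noted above. A port typo such as 70000 or a reversed range raises ValueError instead of producing a command.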