11.12. DDoS Rules

You can find the DDoS Rules at Firewall → Rules under the tab DDoS.

DDoS Rules Overview

DDoS Rules are early drop rules that match an IP Address in the destination or source or a packet. The packet is dropped very early when it reaches the firewall and therefore has a high drop performance. In case of an active DDoS attack firewall resources are preserved and normal traffic can still be processed.

11.12.1. General Settings

DDoS rules have some of the same options as firewall rules but are only designed to drop traffic. You can change the following options here:

Enabled Enable or Disable the rule

Input Interface You can change the Input Interface of this rule.

IP Address Enter one or more IP Address or IP Network to block.

Log this Rule will log information when the rule is used.

DDoS Rule