11.12. DDoS Rules

You can find the DDoS Rules at Firewall → Rules under the tab DDoS.

DDoS Rules Overview

DDoS Rules are early rules that match an IP Address in the destination or source or a packet. The packet is processed very early when it reaches the firewall and therefore has a high drop performance. In case of an active DDoS attack firewall resources are preserved and normal traffic can still be processed.

11.12.1. General Settings

DDoS rules have some of the same options as firewall rules. You can change the following options here:

Enabled Enable or Disable the rule

Input Interface You can change the Input Interface of this rule.

Action Can be Drop or Accept. It is Drop by default. Accept will act as a whitelist and all Accept rules are processed before Drop rules.

IP Address Enter one or more IP Address or IP Network to block.

Log this Rule will log information when the rule is used.

DDoS Rule