Changing rules for protection against several ddos attacks.

conf/default_ports.conf

@@ -110,8 +110,13 @@ priv_class_a="10.0.0.0/8"
 priv_class_b="172.16.0.0/12"
 priv_class_c="192.168.0.0/16"
 
+link_local_rfc_5735="169.254.0.0/16"
+
+test_net_1_rfc_5735="192.0.2.0/24"
+this_net_rfc_5735="0.0.0.0/8"
+
 # - Multicast Addresse
-class_d_multicast="224.0.0.0/4"
+class_d_multicast="224.0.0.0/3"
 
 # Reserved Addresse
 class_e_reserved="240.0.0.0/5"
@@ -123,6 +128,8 @@ class_e_reserved="240.0.0.0/5"
 
 # unique local address (ULA) - private address block
 ula_block="fc00::/7"
+link_local_unicast_block="fe80::/10"
+multicast_ipv6="ff00::/8"
 
 # - Loopback
 loopback_ipv6="::1/128"

conf/logging_ipv4.conf

@@ -20,8 +20,12 @@ fi
 log_all=false
 
 log_syn_flood=false
+log_port_scanning=false
+log_ssh_brute_force=false
 log_fragments=false
 log_new_not_sync=false
+log_syn_with_suspicious_mss=false
+log_invalid_packets=false
 log_invalid_state=false
 log_invalid_flags=false
 log_spoofed=false

conf/logging_ipv6.conf

@@ -20,8 +20,12 @@ fi
 log_all=false
 
 log_syn_flood=false
+log_port_scanning=false
+log_ssh_brute_force=false
 log_fragments=false
 log_new_not_sync=false
+log_syn_with_suspicious_mss=false
+log_invalid_packets=false
 log_invalid_state=false
 log_invalid_flags=false
 log_spoofed=false

conf/main_ipv4.conf.sample

@@ -20,6 +20,13 @@
 do_not_firewall_bridged_traffic=false
 
 
+# -------------
+# --- Drop ICMP
+# -------------
+
+drop_icmp=false
+
+
 # -------------
 # --- Allow all outgoing traffic
 # -------------

conf/main_ipv6.conf.sample

@@ -20,6 +20,13 @@
 do_not_firewall_bridged_traffic=false
 
 
+# -------------
+# --- Drop ICMP
+# -------------
+
+drop_icmp=false
+
+
 # -------------
 # --- Allow all outgoing traffic
 # -------------