Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

fwaccel dos

modify entries

delete an entry (here from the deny list)

fwaccel dos deny -d 35.244.181.201

add an entry (to the rate-limit allow list and to the pbox allow list)

fwaccel dos allow -a 35.244.181.201
fwaccel dos pbox allow -a 35.244.181.201

whitelisting

show the current whitelists (the rate-limit allow list and the pbox allow list are separate, so check both counts)

[Expert@externalfw2:0]# fwaccel dos pbox allow -s | wc -l
58
[Expert@externalfw2:0]# fwaccel dos allow -s | wc -l
89

loading a file:

fwaccel dos allow -l whitelist-clarizen.txt
fwaccel dos pbox allow -l whitelist-clarizen.txt

manually (not the preferred method, see below)

fwaccel dos allow -a 1.2.3.4
fwaccel dos pbox allow -a 1.2.3.4

Only the file-load method should be used. An address added by hand with -a leaves no record of where it came from or why it was allowed, so nobody can review or retire it later. Always add the address to a text file first, then load the file. Several list files already exist, and a script loads all of them.

The allow and deny lists do not survive a reboot, so a script was created to reload them; run it after every reboot:

[Expert@externalfw2:0]# cat /home/admin/add-all-whitelist.sh
#!/bin/bash
# reload every whitelist into both lists: the rate-limit allow list and the
# pbox allow list. File names are relative, so run this from /home/admin.

fwaccel dos allow -l whitelist-clarizen.txt
fwaccel dos pbox allow -l whitelist-clarizen.txt

fwaccel dos allow -l whitelist-cisco.txt
fwaccel dos pbox allow -l whitelist-cisco.txt

fwaccel dos allow -l whitelist-polycom.txt
fwaccel dos pbox allow -l whitelist-polycom.txt

fwaccel dos allow -l whitelist-proxies.txt
fwaccel dos pbox allow -l whitelist-proxies.txt

fwaccel dos allow -l whitelist-internal.txt
fwaccel dos pbox allow -l whitelist-internal.txt

# this file is for anything we don't know where it goes
fwaccel dos allow -l whitelist-dos.txt
fwaccel dos pbox allow -l whitelist-dos.txt

# show the counts of the allow and pbox allow lists for comparison: both are
# fed the same files, so a gap between the counts means entries were added
# some other way
fwaccel dos allow -s | wc -l
fwaccel dos pbox allow -s | wc -l

run it:

./add-all-whitelist.sh
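The file-first rule above is easier to keep when a list file is checked before it is loaded and when any address can be traced back to the file it came from. The shell script below is an added example, not the page's add-all-whitelist.sh and not a Check Point tool. Because the page does not state the list-file format, it assumes one IPv4 address or a.b.c.d/nn network per line with "#" comments, that the files live in /home/admin as whitelist-*.txt, and it lets FWACCEL be pointed at a stand-in such as echo so it can be dry-run off the gateway; the file names and sample entries in the usage note are constructed.

```bash
#!/bin/bash
# Added example, not the page's own add-all-whitelist.sh and not a Check Point
# tool: lint a whitelist file before it reaches "fwaccel dos allow -l", load it
# into both the rate-limit and the pbox allow lists, and answer "which list file
# did this address come from", the question a manual "-a" leaves unanswered.
# Assumptions, since the page does not state the file format:
#   - one IPv4 address or a.b.c.d/nn network per line; blank lines and text
#     after "#" are ignored;
#   - the list files live in LIST_DIR and are named whitelist-*.txt;
#   - FWACCEL can be pointed at a stand-in (FWACCEL=echo) to dry-run off-box.
LIST_DIR="${LIST_DIR:-/home/admin}"
FWACCEL="${FWACCEL:-fwaccel}"

# valid_ipv4 ADDR[/PREFIX] -> 0 when the shape is a.b.c.d or a.b.c.d/nn, every
# octet is 0-255 and any prefix is 0-32; anything else (including "10.0.0/8") -> 1
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1 }
        NF == 5 && $5 > 32 { exit 1 }
        { exit 0 }'
}

# lint_list FILE -> prints "FILE:LINE: bad entry: ..." for each malformed line
# and returns 1 if there was any, so a bad file is refused before loading
# (a stray CR from a Windows editor is caught too, since it is not a digit)
lint_list() {
    file=$1 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -- ${line%%#*}              # drop the comment, split on whitespace
        [ $# -eq 0 ] && continue
        if [ $# -ne 1 ] || ! valid_ipv4 "$1"; then
            printf '%s:%d: bad entry: %s\n' "$file" "$n" "$line"
            bad=1
        fi
    done < "$file"
    return "$bad"
}

# load_list FILE: lint, then load into both lists, as the page's script does per file
load_list() {
    lint_list "$1" || { printf 'refusing to load %s\n' "$1" >&2; return 1; }
    "$FWACCEL" dos allow -l "$1" && "$FWACCEL" dos pbox allow -l "$1"
}

# list_source ADDR -> the whitelist file(s) carrying ADDR as a whole line
list_source() {
    grep -lxF -- "$1" "$LIST_DIR"/whitelist-*.txt 2>/dev/null
}

# Usage as a script:  whitelist-tool.sh lint FILE | load FILE | source ADDR
case "${1:-}" in
    lint)   lint_list "$2" ;;
    load)   load_list "$2" ;;
    source) list_source "$2" ;;
esac
```

On the gateway, whitelist-tool.sh lint whitelist-dos.txt reports each malformed line with its line number; load refuses a file that fails the lint before fwaccel sees it, then feeds it to both lists exactly as add-all-whitelist.sh does; source 35.244.181.201 prints which whitelist-*.txt files carry that address. Only whole-line matches count, so an address written on a line with a trailing comment is not found by source.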

pbox

show the sources currently in the penalty box; in each Exp column the second number is the pbox timeout (pbox tmo, 180 seconds here)

[Expert@externalfw2:0]# fwaccel tab -f -t dos_pbox
Table: dos_pbox
    Total number of entries: 11

  101.32.35.230, Exp = 170/180
    81.177.33.4, Exp = 33/180
  79.124.56.146, Exp = 122/180
 89.248.168.235, Exp = 63/180
  79.124.59.130, Exp = 37/180
  183.136.225.5, Exp = 64/180
   45.155.91.76, Exp = 102/180
  47.115.215.35, Exp = 23/180
 192.241.204.16, Exp = 8/180
 198.199.98.152, Exp = 163/180
    68.69.184.2, Exp = 81/180
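To act on the table above without eyeballing it, here is an added shell example, not from the page or from Check Point, that parses the dos_pbox output into "IP SECONDS" rows, sorts the sources by the time they have left in the box, checks the parsed row count against the header total, and flags any boxed address that also appears in a whitelist file, which is what a pbox allow list lost at reboot looks like. It embeds the table printed above as its sample input and assumes that in "Exp = 170/180" the first number is the seconds left before the entry expires and the second is the pbox timeout; the whitelist file in the test is constructed.

```bash
#!/bin/bash
# Added example; not part of this page or of Check Point's tooling. It parses
# the "fwaccel tab -f -t dos_pbox" output shown above into "IP SECONDS" rows,
# checks the row count against the table header, and flags any boxed source
# that also sits in a whitelist file (which points at a pbox allow list that
# was never loaded, e.g. after a reboot).
# Assumption: in "Exp = 170/180" the first number is seconds left until the
# entry expires and the second is the configured pbox tmo.

# Sample input: the dos_pbox table captured on this page.
sample_table() {
    cat <<'EOF'
Table: dos_pbox
    Total number of entries: 11

  101.32.35.230, Exp = 170/180
    81.177.33.4, Exp = 33/180
  79.124.56.146, Exp = 122/180
 89.248.168.235, Exp = 63/180
  79.124.59.130, Exp = 37/180
  183.136.225.5, Exp = 64/180
   45.155.91.76, Exp = 102/180
  47.115.215.35, Exp = 23/180
 192.241.204.16, Exp = 8/180
 198.199.98.152, Exp = 163/180
    68.69.184.2, Exp = 81/180
EOF
}

# pbox_entries < table -> "IP SECONDS_LEFT", most recently boxed (longest left) first
pbox_entries() {
    awk '/Exp = / { ip = $1; sub(/,$/, "", ip); split($4, t, "/"); print ip, t[1] }' |
        sort -k2,2nr
}

# pbox_total < table -> the count the header claims
pbox_total() {
    awk -F': *' '/Total number of entries/ { print $2; exit }'
}

# pbox_consistent < table -> exit 0 when parsed rows equal the header count,
# i.e. the capture is complete and the parser understood every row
pbox_consistent() {
    t=$(cat)
    [ "$(printf '%s\n' "$t" | pbox_total)" -eq \
      "$(printf '%s\n' "$t" | pbox_entries | wc -l | tr -d ' ')" ]
}

# boxed_whitelisted WHITELIST-FILE... < table -> "IP SECONDS_LEFT" for every
# boxed address that appears verbatim in one of the files (networks written as
# a.b.c.d/nn are not expanded; only exact addresses match)
boxed_whitelisted() {
    [ $# -gt 0 ] || return 0
    pbox_entries | while read -r ip left; do
        if grep -qxF -- "$ip" "$@"; then
            printf '%s %s\n' "$ip" "$left"
        fi
    done
}

# Stand-alone demo on the embedded sample; on a gateway feed the live table:
#   fwaccel tab -f -t dos_pbox | boxed_whitelisted /home/admin/whitelist-*.txt
sample_table | pbox_entries
```

On the gateway, fwaccel tab -f -t dos_pbox | boxed_whitelisted /home/admin/whitelist-*.txt replaces the embedded sample; a non-empty result right after a reboot is the symptom of the lost lists described above, and the fix is to run the reload script. pbox_consistent guards against a truncated capture before anyone trusts the counts.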

Configuration

set rates, thresholds and features (IPv4 with fwaccel, IPv6 separately with fwaccel6; the two are configured independently)

fwaccel dos config get
fwaccel dos config set --enable-rate-limit
fwaccel dos config set --enable-pbox
fwaccel dos config set --pbox-rate 50
fwaccel dos config set --enable-drop-frags
fwaccel dos config set --enable-log-pbox
fwaccel dos config set --enable-log-drops

fwaccel6 dos config get
fwaccel6 dos config set --enable-rate-limit
fwaccel6 dos config set --enable-pbox
fwaccel6 dos config set --pbox-rate 50
fwaccel6 dos config set --enable-drop-frags
fwaccel6 dos config set --enable-log-pbox
fwaccel6 dos config set --enable-log-drops

show the current rates, thresholds and features; compare the IPv4 and IPv6 outputs line by line (in this capture they differ only in the deny list, which is "with policy" on IPv4 and "without policy" on IPv6)

[Expert@externalfw1:0]# fwaccel dos config get
    rate limit: enabled (without policy)
    rule cache: enabled
          pbox: enabled
     deny list: enabled (with policy)
    drop frags: enabled
     drop opts: disabled
      internal: disabled
       monitor: disabled
     log drops: enabled
      log pbox: enabled
    notif rate: 50 notifications/second
     pbox rate: 50 packets/second
      pbox tmo: 180 seconds
[Expert@externalfw1:0]# fwaccel6 dos config get
    rate limit: enabled (without policy)
    rule cache: enabled
          pbox: enabled
     deny list: enabled (without policy)
    drop frags: enabled
     drop opts: disabled
      internal: disabled
       monitor: disabled
     log drops: enabled
      log pbox: enabled
    notif rate: 50 notifications/second
     pbox rate: 50 packets/second
      pbox tmo: 180 seconds
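The two outputs above are where drift shows up, and the way to catch it is to compare them against what the config set commands were meant to establish and against each other. The shell below is an added example, not from the page or from Check Point: it turns config get output into key=value lines, checks it against a baseline built from the set commands on this page (rate limit, pbox, drop frags, log pbox and log drops enabled, pbox rate 50), and diffs the IPv4 and IPv6 outputs key by key. The IPv4 capture printed above is embedded as sample input and the IPv6 sample is derived from it by changing the deny list line, which is the only difference between the two captures; the baseline and the key names are this example's own choice.

```bash
#!/bin/bash
# Added example, not from this page or from Check Point: check "fwaccel dos
# config get" output against the settings the "config set" commands above are
# meant to establish, and diff the IPv4 and IPv6 outputs key by key.
# The IPv4 sample is the capture printed on this page; the IPv6 sample differs
# from it only in the deny list line, exactly as the two captures above do.

sample_v4() {
    cat <<'EOF'
    rate limit: enabled (without policy)
    rule cache: enabled
          pbox: enabled
     deny list: enabled (with policy)
    drop frags: enabled
     drop opts: disabled
      internal: disabled
       monitor: disabled
     log drops: enabled
      log pbox: enabled
    notif rate: 50 notifications/second
     pbox rate: 50 packets/second
      pbox tmo: 180 seconds
EOF
}

sample_v6() {
    sample_v4 | sed 's/deny list: enabled (with policy)/deny list: enabled (without policy)/'
}

# dos_config_kv < config-get output -> "key=value", key with spaces turned into "_"
dos_config_kv() {
    awk -F': *' '$1 ~ /^ *[a-z][a-z ]*$/ && NF == 2 {
        k = $1; gsub(/^ +/, "", k); gsub(/ /, "_", k); print k "=" $2 }'
}

# config_value KEY < config output -> that key's value (empty if absent)
config_value() {
    dos_config_kv | sed -n "s/^$1=//p"
}

# What the page's "config set" commands turn on; the expected value is compared
# with the first word of the live value, so "50 packets/second" matches "50".
BASELINE='rate_limit=enabled
pbox=enabled
drop_frags=enabled
log_pbox=enabled
log_drops=enabled
pbox_rate=50'

# check_baseline < config output -> one "key: got X, want Y" line per drift,
# exit 1 if any key drifted or is missing
check_baseline() {
    cfg=$(dos_config_kv)
    drift=$(printf '%s\n' "$BASELINE" | while IFS='=' read -r key want; do
        got=$(printf '%s\n' "$cfg" | sed -n "s/^$key=//p" | awk '{ print $1 }')
        [ "$got" = "$want" ] || printf '%s: got %s, want %s\n' "$key" "${got:-missing}" "$want"
    done)
    [ -z "$drift" ] || printf '%s\n' "$drift"
    [ -z "$drift" ]
}

# config_diff V4-FILE V6-FILE -> keys whose values differ between the two outputs
config_diff() {
    v4=$(dos_config_kv < "$1"); v6=$(dos_config_kv < "$2")
    printf '%s\n' "$v4" | while IFS='=' read -r key a; do
        b=$(printf '%s\n' "$v6" | sed -n "s/^$key=//p")
        [ "$a" = "$b" ] || printf '%s: v4=%s v6=%s\n' "$key" "$a" "${b:-missing}"
    done
}

# Stand-alone demo; on a gateway:  fwaccel dos config get | check_baseline
sample_v4 | check_baseline && echo "IPv4 DoS config matches baseline"
```

On the gateway run fwaccel dos config get | check_baseline and the same with fwaccel6 dos config get; for config_diff save each output to a file first. A key reported as "missing" means the output format changed or a setting was renamed, which deserves a look before the baseline is trusted again.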