Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:
http://i.imgur.c om/m1oly.png (remove the space, sorry I can't post links)
(there is no filter in the capture, only port 80 connections)
It is just an example, I don't want to manually block 192.132.209.* cause there are a lot of blocks, not just a few ones. I want the firewall to block them automatically. Is it possible?
SYNFLOOD is currently enabled:
Code: Select all
SYNFLOOD = "1" SYNFLOOD_RATE = "30/s" SYNFLOOD_BURST = "10"