1 changed files with 47 additions and 1 deletions
+ 47
- 1
README.md
View File
| @@ -3,4 +3,50 @@ | |||
| A userspace application that filters DHCP floods to protect a DHCP server. It uses the Netfilter userspace packet queuing API. | |||
| # Dependencies | |||
| build-essential uthash-dev libnetfilter-queue-dev | |||
| ``` | |||
| apt-get install build-essential uthash-dev libnetfilter-queue-dev | |||
| ``` | |||
| # Configuration | |||
| ``` | |||
| # max_pkt_per_interval | |||
| # maximum number of packets authorised per time interval. | |||
| max_pkt_per_interval=30 | |||
| # interval | |||
| # measurement time interval in seconds. | |||
| interval=30 | |||
| # debug | |||
| # enable debugging, warning, very verbose | |||
| debug=1 | |||
| # blacklist_time | |||
| # number of seconds this client will be ignored once | |||
| # it exceeded the max_pkt_per_interval per interval | |||
| blacklist_time=55 | |||
| # queue number | |||
| # refers to the queue-num of iptables. | |||
| # -A FORWARD -p udp -m udp --dport 67 -j NFQUEUE --queue-num 67 --queue-bypass | |||
| queue=67 | |||
| # dryrun | |||
| # if dryrun is set to 1 it will accept all packets no matter what. | |||
| # this can be used for testing, syslog will still display the blacklisting | |||
| # actions. | |||
| # Set to 0 for production. | |||
| dryrun=1 | |||
| ``` | |||
| # Run | |||
| ``` | |||
| root@router:~/dhcp_protect# ./dhcp_protect ./dhcp_protect.conf | |||
| Loading configuration ./dhcp_protect.conf | |||
| Configuration: | |||
| dryrun = Yes | |||
| debug = Yes | |||
| interval = 30s | |||
| max_pkt_per_interval = 30 | |||
| blacklist_time = 55s | |||
| queue = 67 | |||
| ``` | |||
Loading…