Westermo MRD-3x0 User Manual

70

6623-3201

5.3.1 Enabling the Denial of Service filters

The Filter Description table provides a number of DOS filters, 
as shown in Figure 54. The filters can be applied to packets 
received from the LAN port, the wireless port (WLS), and 
from any VPN tunnel by checking the boxes in the appropriate 
column.

Figure 54: Firewall DoS filter options.

The function of each filter is described below:
Rate limit TCP SYN packets
This will limit the number of new TCP connection requests 
(SYN packets) allowed from the given interface. The rate will 
be limited to 5 per second.

Drop invalid TCP flag combinations
Some DOS attacks will send packets that present an invalid 
combination of TCP flags which may cause problems for some 
operating systems. The filter will drop packets with invalid 
combinations received on the given interface.

Rate limit ICMP requests
This will limit the number of ICMP requests (for example, ping 
requests) allowed from the given interface. The rate will be 
limited to 5 per second.

Accept limited ICMP types
The types of ICMP packets that are accepted will be limited 
to types 0, 3, 8 and 11.