Firewall and QoS Case Studies
These case studies show practical firewall and QoS configurations, including brute-force prevention, DDoS protection, connection-rate rules, port knocking, and advanced firewall designs. Use them as examples for common security policies.
Bruteforce prevention
This example demonstrates how to protect against brute-force attacks on the SSH port. Note that SSH allows 3 login attempts per connection, and the address lists are not cleared upon a successful login. This means you could accidentally blacklist yourself if you trigger the protection.
Building Advanced Firewall
Building on everything we have covered so far, let's now construct an advanced firewall. In this example, we will implement as many firewall features as possible to demonstrate how each one works and when it should be used.
Connection rate
Connection Rate is a firewall matcher that captures traffic based on the current transfer rate of a connection.
DDoS Protection
A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. There are several types of DDoS attacks, for example, HTTP flood, SYN flood, DNS amplification, etc.
Port knocking
All public IP addresses are constantly being port scanned by bots and by services like shodan.io, and anyone can use this information to perform brute-force attacks and execute any known exploits. Port knocking is a cost-effective way to defend against this: no ports are exposed, and the router simply listens for connection attempts. If the correct sequence of port connection attempts is made, the client is considered safe and is added to a secured address list that bypasses the WAN firewall rules.