10488 – No rate limiting for LOG rules

Bug 10488 - No rate limiting for LOG rules

Summary: No rate limiting for LOG rules

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified Unspecified

Importance:	- Unknown - - Unknown -
Assignee:	Michael Tremer
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	10486
	Show dependency tree / graph

Reported:	2014-03-03 08:55 UTC by Michael Tremer
Modified:	2014-05-10 17:05 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Tremer 2014-03-03 08:55:33 UTC

All log rules of the new firewall GUI do not have rate limiting. Therefore, it is very easy to generate hundreds of log messages a second which will fill the logs and consume disk space.

This can be used as a DoS attack, so too much logging should be prohibited.

Comment 1 Michael Tremer 2014-03-04 14:17:21 UTC

http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=3bb4bb3fa136224792e7dbbcf8b4f801a5565284