What is the Shield module?


Shield is a system service that blocks internal devices from opening an excessive number of sessions. Traffic from a single device is blocked once its session count reaches 30 sessions per second.

Shield can help prevent a compromised device from generating overwhelming amounts of outbound traffic, such as the session floods produced by DDoS attacks or port/IP scans.

Excluding traffic from Shield scanning

You can create rules within the Shield system that tell it to ignore traffic from a specific device, interface, or even an entire network. The screenshots below show what these rules look like. They can be found under Config > System > Shield.

Adding rules here works just like the other rule sets within NG Firewall. Once you click the Add button, you can choose from a variety of conditions to build the rule. For this example, we will use the "Source Address" condition to ignore the traffic from one specific device.


This rule causes the Shield system to pass traffic from this one specific device without applying the normal session thresholds.
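To make the behaviour described above concrete, here is an added example (written for this page, not NG Firewall's own code) that models Shield's per-device threshold and a "Source Address" exemption: each source gets a one-second sliding window of new sessions, the 31st session inside that window is blocked, and any source matching an exempt address or network is passed without being counted. The session records, the 30-per-second limit as a named constant, and the addresses 192.168.1.50, 192.168.1.10 and 192.168.1.77 are all constructed for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
import ipaddress

# Threshold stated on the page: block once a single device reaches
# 30 sessions per second.
SESSION_LIMIT_PER_SECOND = 30


@dataclass
class Verdict:
    src: str
    timestamp: float
    action: str  # "pass", "pass-exempt" or "block"


class ShieldSimulator:
    """Illustrative model of Shield's rate check (not the NG Firewall
    implementation): a per-source sliding window of new-session times.
    A source that already has `limit` sessions inside the last second is
    blocked; sources inside an exempt network are never counted."""

    def __init__(self, limit=SESSION_LIMIT_PER_SECOND, exempt=()):
        self.limit = limit
        # Exemptions mirror a "Source Address" pass rule (host or CIDR).
        self.exempt = [ipaddress.ip_network(n, strict=False) for n in exempt]
        self.windows = defaultdict(deque)  # src -> timestamps in window

    def is_exempt(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.exempt)

    def new_session(self, src, ts):
        if self.is_exempt(src):
            return Verdict(src, ts, "pass-exempt")
        window = self.windows[src]
        # Drop timestamps older than one second so the window slides.
        while window and ts - window[0] >= 1.0:
            window.popleft()
        if len(window) >= self.limit:
            # Over the threshold: block and do not let the blocked
            # session extend the window.
            return Verdict(src, ts, "block")
        window.append(ts)
        return Verdict(src, ts, "pass")


def simulate(sessions, exempt=()):
    """Run (src, timestamp) pairs through the model and return, per source,
    how many sessions received each verdict."""
    sim = ShieldSimulator(exempt=exempt)
    summary = defaultdict(lambda: defaultdict(int))
    for src, ts in sessions:
        summary[src][sim.new_session(src, ts).action] += 1
    return {src: dict(actions) for src, actions in summary.items()}


def constructed_sessions():
    """Constructed sample traffic: a scanning host, an exempted server and
    a normal workstation (not captured data)."""
    sessions = []
    # Scanner: 40 new sessions within the first 0.4 s.
    sessions += [("192.168.1.50", i * 0.01) for i in range(40)]
    # Busy server covered by a Source Address exemption: same burst.
    sessions += [("192.168.1.10", i * 0.01) for i in range(40)]
    # Workstation: 5 sessions spread over two seconds.
    sessions += [("192.168.1.77", i * 0.4) for i in range(5)]
    return sorted(sessions, key=lambda s: s[1])


def run_demo():
    # The exemption list plays the role of the rule built in the text.
    return simulate(constructed_sessions(), exempt=["192.168.1.10/32"])


if __name__ == "__main__":
    for src, actions in run_demo().items():
        print(src, actions)
```

Running it shows the scanner passing 30 sessions and having the remaining 10 blocked, the exempted server passing all 40 untouched, and the workstation never approaching the limit. The model also recovers on its own: once a second has elapsed since the burst, the source's window empties and its sessions pass again, which is the behaviour a defender should expect when tuning exemptions rather than raising the global threshold.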

