
iptables ddos protection
Open, Normal, Public



  • research if adding any iptables ddos protection rules by default would make sense in context of Whonix
    • improving ddos resistance
    • not opening new privacy issues
    • not opening new fingerprinting vectors
  • consider implementing them




Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick added a project: whonix-gw-firewall.
Patrick added a subscriber: Patrick.

Basic research I did:

Some things, like enabling TCP timestamps, don't make sense from a privacy perspective, so ignore them.

Patrick set Impact to Needs Triage.

Apart from SYNPROXY there are more effective iptables rules for DDoS mitigation discussed here:
Some of those should be added to whonix-gw-firewall as well imo.

Patrick added projects: research, enhancement.
Patrick changed Impact from Needs Triage to Normal.
Patrick added a subscriber: marmarek.