25mbps traffic on UDP port 80: How do I block this?

[AbeFroman]

I am getting 25mbps traffic on UDP port 80. What is the best way to block this?

[bking]

Quote:

Originally Posted by AbeFroman

I am getting 25mbps traffic on UDP port 80. What is the best way to block this?

The best way would be to have your upstream provider block it - and best at the router closest to the source. You can block it locally, but that wont stop the data actually hitting your box, so it will count against any data allowances your provider may give.

To block it locally, iptables -I INPUT -p udp --dport 80 -j DROP
would block all UDP traffic on port 80. If you know where it is coming from add -s xxx.xxx.xxx.xxx to the rule.

Remember though, the data will still hit your box, unless you have your provider block the traffic.

[AbeFroman]

Can this be blocked with the APF firewall?

[bking]

Quote:

Originally Posted by AbeFroman

Can this be blocked with the APF firewall?

I would think so. I am not sure how APF works.. at the end of the ruleset I am sure you could add that line that I gave earlier and then restart the firewall...
Again, I am not sure how APF works, but if it is just a normal shell script, just adding the extra rules should work. Maybe someone who has used APF can provide further comment?