added port 80 to ddos protected port list

netfoundry · Apr 16, 2024 · 72ae418 · 72ae418
1 parent c8e70ed
commit 72ae418
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file. The format
 - Added map to track tcp syn count for packets sent to the firewall ip address on port 443.
 - Ddos protection is meant for the FW host accept/deny logic was moved to first bpf program and
   and addresses in ddos_protect_map supersede fw rules for locally terminated service on port 443.
-  Currently only for port 443 and 6262. 
+  Currently only for ports 80,443 and 6262. 
 
 # [0.5.14] - 2024-04-02
 

diff --git a/src/zfw_tc_ingress.c b/src/zfw_tc_ingress.c
@@ -942,8 +942,8 @@ int bpf_sk_splice(struct __sk_buff *skb){
                 goto assign;
             }
             bpf_sk_release(sk);
-            if(((bpf_ntohs(tuple->ipv4.dport) == 443) || (bpf_ntohs(tuple->ipv4.dport) == 6262))
-             && local_ip4 && local_ip4->count){
+            if(((bpf_ntohs(tuple->ipv4.dport) == 80) || (bpf_ntohs(tuple->ipv4.dport) == 443)
+            || (bpf_ntohs(tuple->ipv4.dport) == 6262)) && local_ip4 && local_ip4->count){
                     uint8_t addresses = 0;
                     if(local_ip4->count < MAX_ADDRESSES){
                         addresses = local_ip4->count;