DoS Protection profiles and policy rules work
together to protect against floods of incoming
SYN, UDP, ICMP, and ICMPv6 packets, and other types of IP packets.
You determine what thresholds constitute flooding. In general, the
DoS Protection profile sets the thresholds at which the firewall
generates a DoS alarm, takes action such as Random Early Drop, and
drops additional incoming connections. A DoS Protection policy rule
that is set to protect (rather than to allow or deny packets) determines
the criteria for packets to match (such as source address) in order
to be counted toward the thresholds. This flexibility allows you
to blacklist certain traffic, or whitelist certain traffic and treat
other traffic as DoS traffic. When the incoming rate exceeds your maximum
threshold, the firewall blocks incoming traffic from the source
address.
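
The threshold logic described above, modeled as an added example (not the firewall's own code or configuration). The field names, per-source counting over a one-second window, the linear Random Early Drop curve, and the sample addresses are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Profile:
    """Three thresholds in connections per second (field names are assumed)."""
    alarm_rate: int      # generate a DoS alarm at or above this rate
    activate_rate: int   # start Random Early Drop at or above this rate
    max_rate: int        # block the source once its rate exceeds this


@dataclass(frozen=True)
class ProtectRule:
    """A 'protect' rule: only traffic matching the criteria is counted."""
    sources: tuple       # source CIDRs used as the match criteria
    profile: Profile

    def matches(self, src: str) -> bool:
        return any(ip_address(src) in ip_network(net) for net in self.sources)


def evaluate(rate: int, p: Profile):
    """Return (alarm, red_drop_probability, blocked) for one source's rate."""
    alarm = rate >= p.alarm_rate
    if rate > p.max_rate:
        return alarm, 1.0, True
    if rate < p.activate_rate:
        return alarm, 0.0, False
    # Assumption: drop probability rises linearly from activate_rate to max_rate.
    span = max(1, p.max_rate - p.activate_rate)  # avoid dividing by zero
    return alarm, (rate - p.activate_rate) / span, False


def classify(window, rule: ProtectRule):
    """window: source IPs of new connections seen during one second."""
    counts = Counter(src for src in window if rule.matches(src))
    return {src: evaluate(n, rule.profile) for src, n in counts.items()}


# Constructed sample: one second of new connections from documentation addresses.
RULE = ProtectRule(("198.51.100.0/24",), Profile(500, 800, 1000))
WINDOW = (["198.51.100.7"] * 1200 + ["198.51.100.8"] * 900
          + ["198.51.100.9"] * 600 + ["203.0.113.5"] * 5000)

if __name__ == "__main__":
    for src, verdict in sorted(classify(WINDOW, RULE).items()):
        print(src, verdict)
```

The source at 203.0.113.5 sends the most connections but falls outside the rule's match criteria, so it is never counted toward the thresholds.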