Hello,

On Mon, Jul 19, 2010 at 10:43:45PM +0530, Nilesh Govindarajan wrote:
> Hi,
> Can someone tell me how to use IPTables to prevent DDoS attacks?
> I'm sure IPTables has the relevant modules (limit, recent I think)
> after reading some docs, but still in doubt about its implementation.

The recent module is good for that:
http://www.sollers.ca/blog/2008/iptables_recent
http://www.google.com/search?q=iptables+recent

I have in my fw script:
"
$TABLES -A limitations -m recent --name RECENT_FILTER --set
$TABLES -A limitations -m recent --name RECENT_FILTER --rcheck --hitcount 6 -j recent_allowed_input
$TABLES -A limitations --match limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "stuff: "
$TABLES -A limitations -m recent --name RECENT_ALLOW --set
$TABLES -A limitations -j DROP

$TABLES -A recent_allowed_input -m recent --name RECENT_ALLOW --update --seconds 300 -j ACCEPT
$TABLES -A recent_allowed_input -m recent --name RECENT_FILTER --remove -j DROP
"

Then you can do smth like
"
$TABLES -A INPUT <....> -j limitations
"
to apply the rules.

Vlad
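
An added example, not part of the original mail: a small Python model that replays packets from one source address through the two chains above, so the verdict for each packet can be checked before the rules are loaded. It assumes the xt_recent semantics from the iptables-extensions man page (--set always matches, --update refreshes the entry only on a match, 20 timestamps kept per address); RecentList, limitations() and replay() are names made up for this sketch, and the LOG rule is left out.

```python
PKT_LIST_TOT = 20  # assumed xt_recent default: timestamps kept per address


class RecentList:
    """Simplified model of one xt_recent list (an assumption, not kernel code)."""

    def __init__(self):
        self.stamps = {}  # source address -> list of packet timestamps

    def set(self, src, now):
        # --set: add the address or refresh it; always matches
        self.stamps.setdefault(src, []).append(now)
        del self.stamps[src][:-PKT_LIST_TOT]
        return True

    def check(self, src, now, seconds=0, hitcount=0, update=False):
        # --rcheck / --update: match when enough stamps fall inside the window
        entry = self.stamps.get(src)
        if entry is None:
            return False
        hits = sum(1 for t in entry if not seconds or now - t <= seconds)
        matched = hits >= max(hitcount, 1)
        if matched and update:
            self.set(src, now)  # --update refreshes only when it matched
        return matched

    def remove(self, src):
        # --remove: matches only if the address was listed
        return self.stamps.pop(src, None) is not None


def limitations(src, now, flt, allow):
    """Verdict of the 'limitations' chain from the mail for one packet."""
    flt.set(src, now)                        # RECENT_FILTER --set
    if flt.check(src, now, hitcount=6):      # --rcheck --hitcount 6
        # chain recent_allowed_input
        if allow.check(src, now, seconds=300, update=True):
            return "ACCEPT"
        flt.remove(src)                      # RECENT_FILTER --remove -j DROP
        return "DROP"
    allow.set(src, now)                      # RECENT_ALLOW --set
    return "DROP"


def replay(times, src="192.0.2.10"):
    # src is a constructed documentation address; times are seconds
    flt, allow = RecentList(), RecentList()
    return [limitations(src, t, flt, allow) for t in times]
```

In this model replay(range(8)) drops the first five packets and accepts the rest, and a source that goes quiet for more than 300 seconds has its RECENT_FILTER entry removed and starts over.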