[arch-general] IPTables DDoS

vlad vla at uni-bonn.de
Tue Jul 20 03:51:28 EDT 2010


Hello,

On Mon, Jul 19, 2010 at 10:43:45PM +0530, Nilesh Govindarajan wrote:
> Hi,
> Can someone tell me how to use IPTables to prevent DDoS attacks?
> I'm sure IPTables has the relevant modules (limit, recent I think)
> after reading some docs, but still in doubt about its implementation.
The recent module is good for that:
http://www.sollers.ca/blog/2008/iptables_recent
http://www.google.com/search?q=iptables+recent
I have in my fw script:
"
 # defaults so the fragment runs on its own (values are assumptions; adjust)
 TABLES=${TABLES:-iptables}
 LOGLIMIT=${LOGLIMIT:-5/min}
 LOGLIMITBURST=${LOGLIMITBURST:-10}
 # user-defined chains the rules below jump to
 $TABLES -N limitations
 $TABLES -N recent_allowed_input

 # record every packet's source, then see whether it has been seen 6 times
 $TABLES -A limitations -m recent --name RECENT_FILTER --set
 $TABLES -A limitations -m recent --name RECENT_FILTER --rcheck --hitcount 6 -j recent_allowed_input
 # otherwise: rate-limited log, remember the source in RECENT_ALLOW, drop
 $TABLES -A limitations --match limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "stuff: "
 $TABLES -A limitations -m recent --name RECENT_ALLOW --set
 $TABLES -A limitations -j DROP

 # sources seen 6 times: accept if RECENT_ALLOW was touched within 300 s, else forget them and drop
 $TABLES -A recent_allowed_input -m recent --name RECENT_ALLOW --update --seconds 300 -j ACCEPT
 $TABLES -A recent_allowed_input -m recent --name RECENT_FILTER --remove -j DROP
"
Then you can do something like
"
 $TABLES -A INPUT <....> -j limitations
"
to apply the rules.

Vlad
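To see what the two chains quoted above actually do to one source over time, here is an added Python model (not from Vlad's script or the iptables project) of the xt_recent operations they use: --set, --rcheck --hitcount, --update --seconds and --remove. The source address and arrival times are constructed sample input; the 20-timestamps-per-address cap is the xt_recent default ip_pkt_list_tot, and the non-terminating LOG rule is left out.

```python
from collections import deque

IP_PKT_LIST_TOT = 20  # xt_recent default: timestamps remembered per address


class RecentTable:
    """Model of one xt_recent list (what /proc/net/xt_recent/<name> shows)."""

    def __init__(self):
        self.entries = {}  # source address -> deque of arrival times (seconds)

    def set(self, src, now):
        # --set: create the entry or append a timestamp; always matches
        self.entries.setdefault(src, deque(maxlen=IP_PKT_LIST_TOT)).append(now)
        return True

    def check(self, src, now, seconds=None, hitcount=None, update=False):
        # --rcheck / --update: match if the source has at least `hitcount`
        # timestamps inside the last `seconds`; every timestamp counts when
        # --seconds is absent, as in the RECENT_FILTER rule above
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if seconds is None or now - t <= seconds)
        matched = hits >= (hitcount or 1)
        if matched and update:
            stamps.append(now)  # --update also refreshes the entry
        return matched

    def remove(self, src):
        # --remove: forget the source; matches if an entry existed
        return self.entries.pop(src, None) is not None


def limitations(src, now, filt, allow):
    """Walk the 'limitations' chain from the post for one packet; return the verdict."""
    filt.set(src, now)                                  # RECENT_FILTER --set
    if filt.check(src, now, hitcount=6):                # --rcheck --hitcount 6
        # -j recent_allowed_input
        if allow.check(src, now, seconds=300, update=True):
            return "ACCEPT"                             # RECENT_ALLOW still fresh
        filt.remove(src)                                # RECENT_FILTER --remove
        return "DROP"
    allow.set(src, now)                                 # RECENT_ALLOW --set
    return "DROP"


def simulate(arrivals, src="198.51.100.7"):
    """Verdicts for packets from one (constructed) source at the given times."""
    filt, allow = RecentTable(), RecentTable()
    return [limitations(src, t, filt, allow) for t in arrivals]
```

Running simulate over a burst followed by a pause of more than 300 seconds shows the source being dropped five times, accepted, then having to earn acceptance again after the gap; on a live host the real tables under /proc/net/xt_recent/ can be compared against the model.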


