[arch-general] IPTables DDoS

Nilesh Govindarajan lists at itech7.com
Tue Jul 20 09:17:00 EDT 2010


On Tue, Jul 20, 2010 at 1:21 PM, vlad <vla at uni-bonn.de> wrote:
> Hello,
>
> The recent module is good for that:
> http://www.sollers.ca/blog/2008/iptables_recent
> http://www.google.com/search?q=iptables+recent
> I have in my fw script:
> "
>  $TABLES -A limitations -m recent --name RECENT_FILTER --set
>  $TABLES -A limitations -m recent --name RECENT_FILTER --rcheck --hitcount 6 -j recent_allowed_input
>  $TABLES -A limitations --match limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "stuff: "
>  $TABLES -A limitations -m recent --name RECENT_ALLOW --set
>  $TABLES -A limitations -j DROP
>
>  $TABLES -A recent_allowed_input -m recent --name RECENT_ALLOW --update --seconds 300 -j ACCEPT
>  $TABLES -A recent_allowed_input -m recent --name RECENT_FILTER --remove -j DROP
> "
> Then you can do smth like
> "
>  $TABLES -A INPUT <....> -j limitations
> "
> to apply the rules.
>
> Vlad
>
>

Looks good. Do your HTTP users face any problem with it?

-- 
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://j.mp/arHk5e
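To answer the question of what HTTP clients see, here is an added Python model (not part of the thread, and not iptables code) of Vlad's two chains using the documented semantics of the recent match: --set appends a hit timestamp, --rcheck/--update with --hitcount and --seconds count hits, and --remove drops the entry. It assumes the module's default of 20 stored timestamps per source, times in seconds, and ignores the LOG rule since it does not change the verdict.

```python
from collections import defaultdict

IP_PKT_LIST_TOT = 20  # timestamps kept per source address (module default, assumed)


class RecentList:
    """One named -m recent list: per-source list of hit timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):  # --set: add/refresh the entry, record a hit
        s = self.stamps[src]
        s.append(now)
        del s[:-IP_PKT_LIST_TOT]  # oldest stamps fall off the ring

    def rcheck(self, src, now, hitcount=1, seconds=None):  # --rcheck
        s = self.stamps.get(src)
        if not s:
            return False
        hits = [t for t in s if seconds is None or now - t <= seconds]
        return len(hits) >= hitcount

    def update(self, src, now, seconds=None):  # --update: rcheck, then refresh
        if self.rcheck(src, now, 1, seconds):
            self.set(src, now)
            return True
        return False

    def remove(self, src):  # --remove
        return self.stamps.pop(src, None) is not None


class Firewall:
    def __init__(self):
        self.filter = RecentList()  # RECENT_FILTER
        self.allow = RecentList()   # RECENT_ALLOW

    def recent_allowed_input(self, src, now):
        if self.allow.update(src, now, seconds=300):
            return "ACCEPT"
        self.filter.remove(src)  # stale client starts over
        return "DROP"

    def limitations(self, src, now):
        self.filter.set(src, now)
        if self.filter.rcheck(src, now, hitcount=6):
            return self.recent_allowed_input(src, now)
        self.allow.set(src, now)  # (LOG rule omitted: no effect on verdict)
        return "DROP"


def run(packets):
    """packets: constructed (src, time_in_seconds) tuples; returns verdicts."""
    fw = Firewall()
    return [fw.limitations(src, t) for src, t in packets]
```

Running it on a client that sends packets once per second shows the cost of the rule set: a new source has its first five packets dropped (for HTTP, five failed SYNs before a connection succeeds), and after any pause longer than 300 s the cycle repeats.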


More information about the arch-general mailing list