[arch-general] IPTables DDoS

vlad vla at uni-bonn.de
Tue Jul 20 09:25:53 EDT 2010


On Tue, Jul 20, 2010 at 06:47:00PM +0530, Nilesh Govindarajan wrote:
> On Tue, Jul 20, 2010 at 1:21 PM, vlad <vla at uni-bonn.de> wrote:
> > Hello,
> >
> > The recent module is good for that:
> > http://www.sollers.ca/blog/2008/iptables_recent
> > http://www.google.com/search?q=iptables+recent
> > I have in my fw script:
> > "
> >  $TABLES -A limitations -m recent --name RECENT_FILTER --set
> >  $TABLES -A limitations -m recent --name RECENT_FILTER --rcheck --hitcount 6 -j recent_allowed_input
> >  $TABLES -A limitations --match limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "stuff: "
> >  $TABLES -A limitations -m recent --name RECENT_ALLOW --set
> >  $TABLES -A limitations -j DROP
> >
> >  $TABLES -A recent_allowed_input -m recent --name RECENT_ALLOW --update --seconds 300 -j ACCEPT
> >  $TABLES -A recent_allowed_input -m recent --name RECENT_FILTER --remove -j DROP
> > "
> > Then you can do smth like
> > "
> >  $TABLES -A INPUT <....> -j limitations
> > "
> > to apply the rules.
> >
> > Vlad
> >
> >
> 
> Looks good, do your HTTP users face any problem with it?
Don't know. I use this only with ssh and music daemon.
Simply try.

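A runnable variant of the recent-module approach, added here as an example and not taken from the thread: instead of reproducing Vlad's chain it uses the `--set` / `--update --seconds --hitcount` pattern to throttle new SSH connections per source address. The chain name SSH_LIMIT, list name SSH_RECENT, port 22 and the limit of 4 new connections per 60 seconds are my assumptions; by default the script only prints the rules, and only with APPLY=1 does it hand them to iptables.

```shell
#!/bin/sh
# Added example: per-source throttling of new SSH connections with the
# iptables "recent" module. Dry run by default (prints the commands);
# APPLY=1 executes them. Names, port and limits are assumptions.

IPT="${IPT:-iptables}"          # binary to call; override with IPT=...
CHAIN="${CHAIN:-SSH_LIMIT}"     # assumed custom chain name
LIST="${LIST:-SSH_RECENT}"      # assumed recent-module list name
PORT="${PORT:-22}"
HITS="${HITS:-4}"               # allowed new connections per WINDOW
WINDOW="${WINDOW:-60}"          # seconds

# run_rule: execute the rule when APPLY=1, otherwise print it
# (the dry-run output is unquoted, so a copied LOG prefix needs quoting).
run_rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@"
    else
        printf '%s' "$IPT"; printf ' %s' "$@"; printf '\n'
    fi
}

# install_ssh_limit: build the chain. Rule order matters: the
# --update/--hitcount checks must precede --set, otherwise every packet
# (including the one being checked) is counted before the test runs,
# and excess attempts would keep refreshing the attacker's own entry.
install_ssh_limit() {
    run_rule -N "$CHAIN"
    # Source already seen HITS times within WINDOW: log (rate-limited) and drop
    run_rule -A "$CHAIN" -m recent --name "$LIST" --update --seconds "$WINDOW" --hitcount "$HITS" \
        -m limit --limit 3/min -j LOG --log-prefix "ssh-limit: "
    run_rule -A "$CHAIN" -m recent --name "$LIST" --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    # Otherwise record this source and accept the connection
    run_rule -A "$CHAIN" -m recent --name "$LIST" --set -j ACCEPT
    # Only new TCP connections to the SSH port are sent through the chain
    run_rule -A INPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j "$CHAIN"
}

install_ssh_limit
```

Because `--update` refreshes the source's timestamp on every match, a host that keeps hammering stays blocked until it has been quiet for the whole window; use `--rcheck` instead if the block should expire regardless of continued attempts.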