1. Use iptables to configure a connection limit per IP per second/minute.
Example with ports 7000-8000 and 3 rules:
- max 10 connections at the same time from 1 IP
- max 40 new connections per minute from 1 IP
- max 2 new connections per second from 1 IP
Code:
sudo iptables -A INPUT -p tcp --syn --dport 7000:8000 -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -p tcp --dport 7000:8000 -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above 40/min --hashlimit-burst 40 --hashlimit-name ots_conn_rate_min -j REJECT --reject-with tcp-reset
sudo iptables -A INPUT -p tcp --dport 7000:8000 -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above 2/sec --hashlimit-burst 2 --hashlimit-name ots_conn_rate_sec -j REJECT --reject-with tcp-reset
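The same three rules as an idempotent script, added here as an example and not taken from the post or from gesior's tutorials: each rule is only appended if it is not already present (`iptables -C`), so re-running it never duplicates rules, and it uses the conntrack match, the current equivalent of `-m state`. The variable and function names (PORTS, rule_connlimit, rule_hashlimit, ensure_rule, apply_rules) and the `apply` argument are this example's own choices.

```shell
#!/bin/sh
# Added example: build the post's three rules as iptables rule specifications
# and install them without duplicates. Needs root to actually apply.
PORTS="7000:8000"   # port range from the post
CONN_MAX=10         # simultaneous connections allowed per source IP
RATE_MIN="40/min"   # new connections per minute per source IP
RATE_SEC="2/sec"    # new connections per second per source IP

# Rule 1: cap concurrent connections per single IPv4 address (/32 mask).
rule_connlimit() {
    printf '%s' "-p tcp --syn --dport $PORTS -m connlimit --connlimit-above $CONN_MAX --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
}

# Rules 2 and 3: limit the rate of NEW connections per source IP.
# $1 = rate (e.g. 2/sec), $2 = burst, $3 = hashlimit table name.
rule_hashlimit() {
    printf '%s' "-p tcp --dport $PORTS -m conntrack --ctstate NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above $1 --hashlimit-burst $2 --hashlimit-name $3 -j REJECT --reject-with tcp-reset"
}

# Append a rule to INPUT only if an identical one is not already there.
ensure_rule() {
    # shellcheck disable=SC2086  # word-splitting the spec is intended
    iptables -C INPUT $1 2>/dev/null || iptables -A INPUT $1
}

apply_rules() {
    # connlimit first, then the two hashlimit rules, as in the post
    ensure_rule "$(rule_connlimit)"
    ensure_rule "$(rule_hashlimit "$RATE_MIN" 40 ots_conn_rate_min)"
    ensure_rule "$(rule_hashlimit "$RATE_SEC" 2 ots_conn_rate_sec)"
    # Show the installed rules with packet counters to confirm they fire.
    iptables -L INPUT -n -v --line-numbers | grep -E 'connlimit|hashlimit'
}

# Only touch the firewall when explicitly asked: ./limits.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it again later to confirm nothing was added twice; the rule counters from the final listing show how often each limit has been hit.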
2. If it's OVH, you can go to the panel and configure anti-DDoS to kick in after 0 seconds, not 30.
The default OVH anti-DDoS mode is: analyse network traffic for DDoS, and if one is detected, enable anti-DDoS [it takes 0-120 seconds].
You can configure it to pass all network traffic through the anti-DDoS system; then it will enable protection in 0 seconds.
Mass connections to port 7171 often block port 7171 by hitting the default Linux limit of 1024 connections per application (e.g. OTS).
Here is my tutorial on how to reconfigure it to very high values (it's in Polish, but a few people did it with Google Translate and it worked):
(gesior/tutorials on github.com)