
FIREWALL linux (ubuntu)

Pietia

My question is: what is the best firewall for Ubuntu? Is there any protection against ping/DDoS/DoS? xD I think there is not. I'm not an experienced user of Linux, but I just need to be sure of that.
 
@up
Thanks, I didn't know that :)

No more pings <;
 
# Ignore ICMP echo requests (including broadcast ones) and enable TCP SYN cookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

# FORWARD chain: applies to traffic routed through this host
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
iptables -A FORWARD -m unclean -j DROP
# VALID_CHECK: user-defined chain that drops unusual TCP flag combinations
iptables -N VALID_CHECK
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP
 
PHP:
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
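
To see which TCP flag combinations the VALID_CHECK rules posted above actually match, here is an added example (not code from any poster in this thread) that models the `--tcp-flags MASK COMP` test and runs the thread's mask/compare pairs over constructed flag sets. The function names are made up for the illustration; the two INPUT rules that list all six flags are equivalent to the `ALL ALL` and `ALL NONE` pairs.

```shell
#!/bin/sh
# Added example: models iptables "--tcp-flags MASK COMP" matching.
# A packet matches when, of the flags named in MASK, exactly those in COMP are set.

# flags_to_bits "SYN,ACK" | ALL | NONE -> prints the flag bitmask
flags_to_bits() {
  bits=0; old_ifs=$IFS; IFS=,
  for f in $1; do
    case $f in
      FIN) b=1 ;; SYN) b=2 ;; RST) b=4 ;; PSH) b=8 ;; ACK) b=16 ;; URG) b=32 ;;
      ALL) b=63 ;; NONE) b=0 ;;
      *) IFS=$old_ifs; echo "unknown flag: $f" >&2; return 2 ;;
    esac
    bits=$(( bits | b ))
  done
  IFS=$old_ifs
  echo "$bits"
}

# tcp_flags_match MASK COMP PACKET_FLAGS -> status 0 when the rule matches
tcp_flags_match() {
  mask=$(flags_to_bits "$1") && comp=$(flags_to_bits "$2") &&
    pkt=$(flags_to_bits "$3") || return 2
  [ $(( pkt & mask )) -eq "$comp" ]
}

# MASK COMP pairs copied from the thread's VALID_CHECK chain, in order
RULES='ALL FIN,URG,PSH
ALL SYN,RST,ACK,FIN,URG
ALL ALL
ALL FIN
SYN,RST SYN,RST
SYN,FIN SYN,FIN
ALL NONE'

# verdict PACKET_FLAGS -> "DROP (first matching rule)" or "PASS" (no rule matched)
verdict() {
  while read -r m c; do
    if tcp_flags_match "$m" "$c" "$1"; then echo "DROP ($m $c)"; return 0; fi
  done <<EOF
$RULES
EOF
  echo PASS
}

# Constructed sample packets: normal handshake/teardown flags and scan-style sets
for p in SYN SYN,ACK FIN,ACK RST FIN SYN,FIN SYN,RST,ACK NONE ALL FIN,PSH,URG; do
  printf '%-12s %s\n' "$p" "$(verdict "$p")"
done
```

Normal handshake and teardown packets (SYN, SYN,ACK, FIN,ACK, RST) fall through the chain, while a bare FIN, SYN,FIN, the null packet and the all-flags packet are dropped.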
 
Why are you disabling icmp echo replies?....

btw, PF is ze best fijahwall

ps: lol at kiel
 
Because of pingers? You can ping someone if you don't have this..
 
Like anyone does that anymore...

Yeah, now DDoS rocks, but I don't exactly know how it works :> Maybe you can explain some things to me? :d
Edit: is there any way to protect yourself from DDoS attacks?
 

DDoS is when thousands or hundreds of computers are pinging you so your computer shuts down or your internet won't even respond to you; it will tell you it's BUSY etc....
 
Your computer won't shut down, and DDoS is not pinging (ICMP) but rather TCP SYN/etc. or UDP flood..
 