
How to get FREE VPS from Oracle Cloud

fail2ban is just to protect SSH.
To limit connections per IP to ports 7171-7172 you have to run some extra iptables rules:
Bash:
# 5 simultaneous connections per IP
iptables -A INPUT -p tcp --syn --dport 7171:7172 -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
# 10 new connections per minute per IP
iptables -A INPUT -p tcp --dport 7171:7172 -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above 10/min --hashlimit-burst 10 --hashlimit-name conn_7171_rate_min -j REJECT --reject-with tcp-reset
# 2 new connections per second per IP
iptables -A INPUT -p tcp --dport 7171:7172 -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above 2/sec --hashlimit-burst 2 --hashlimit-name conn_7171_rate_sec -j REJECT --reject-with tcp-reset
# 150 incoming packets per second per IP (149 and 150 are deliberate, because iptables has some problem - it does not work - when both values are the same)
iptables -A INPUT -p tcp --dport 7171:7172 -m hashlimit --hashlimit-mode srcip --hashlimit-above 149/sec --hashlimit-burst 150 --hashlimit-name conn_7171_rate_packets_sec -j REJECT --reject-with tcp-reset
# 10 kb of incoming transfer per second per IP; Tibia can send many packets in 1 network packet,
# so 150 network packets can contain 15000 packets for the dispatcher to handle; here we limit that kind of bot spam
iptables -A INPUT -p tcp --dport 7171:7172 -m hashlimit --hashlimit-above 10kb/s --hashlimit-mode srcip --hashlimit-name bandwidth_7171_sec -j REJECT --reject-with tcp-reset
The comments on what does what are in Polish, but Google Translate should translate them easily. Packets per second for a 12+ client should be around 500.

If you are running a website on your host with direct access by IP, you can apply similar rules to ports 80 (HTTP) and 443 (HTTPS).

Anyway, the only real protection for a website is cloudflare.com [it's free, you don't need a 'paid' plan to get full protection], which filters packets between your host and users.
If you configure your website to run 'behind Cloudflare', you can run this to limit access to the www ports to Cloudflare servers only:
Bash:
# Allow the web ports only from Cloudflare's published IPv4 and IPv6 ranges
for i in $(curl -s https://www.cloudflare.com/ips-v4); do iptables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
for i in $(curl -s https://www.cloudflare.com/ips-v6); do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s "$i" -j ACCEPT; done
# Drop web traffic from every other source
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
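
Added example, not part of the original post: the Cloudflare loop above appends the final DROP even when curl returns nothing or an error page, which would cut off all web traffic. This sketch of the IPv4 half validates the list first and emits no rules at all if any entry is malformed; `build_rules`, `is_ipv4_cidr` and the sample ranges are names and values made up for the illustration.

```shell
#!/bin/sh
# Constructed sample standing in for the body of https://www.cloudflare.com/ips-v4
# (documentation ranges, not Cloudflare's real ones).
SAMPLE_LIST='192.0.2.0/24
198.51.100.0/22
203.0.113.0/24'

# Succeeds only for a.b.c.d/nn with every octet <= 255 and prefix <= 32.
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    prefix=${1#*/}
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}            # split the address part into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads a range list on stdin and prints the iptables commands for it.
# Prints nothing and returns 1 if the list is empty or any entry is not a
# valid CIDR, so a failed download can never produce a lone DROP rule.
build_rules() {
    rules=''
    count=0
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        [ -n "$cidr" ] || continue
        is_ipv4_cidr "$cidr" || { echo "rejecting list: bad entry '$cidr'" >&2; return 1; }
        rules="${rules}iptables -I INPUT -p tcp -m multiport --dports http,https -s $cidr -j ACCEPT
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "rejecting list: empty" >&2; return 1; }
    printf '%s' "$rules"
    echo 'iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP'
}

# Dry run on the constructed sample: shows the commands without applying them.
# Live use (assumption): curl -fsS https://www.cloudflare.com/ips-v4 | build_rules
printf '%s\n' "$SAMPLE_LIST" | build_rules
```

Review the printed commands before piping them to a root shell; the IPv6 list needs the same treatment with ip6tables and an IPv6-aware validator.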

Once again, thank you so much, brother! I will apply these rules.
 
@Gesior.pl
I have a problem. When I try to start a Minecraft server, this error pops up: "No X11 DISPLAY variable was set, but this program performed an operation which requires it."
I've never had this problem on any other VPS. Do you know how to fix it?
 
@Gesior.pl
I have a problem. When I try to start a Minecraft server, this error pops up: "No X11 DISPLAY variable was set, but this program performed an operation which requires it."
I've never had this problem on any other VPS. Do you know how to fix it?
My friend ran Minecraft on ARM without any problems.

I found 2 possible solutions for No X11 DISPLAY:

There is even a tutorial on the ORACLE site :D
 