Here is a simple set of iptables rules that you can use to limit connection floods on all ports.
# Custom chain that rate-limits new TCP connections (SYN packets)
iptables -N conn-flood
iptables -I INPUT 1 -p tcp --syn -j conn-flood
# Up to 7 SYNs per second (burst of 20) return to INPUT; everything above that is dropped
iptables -A conn-flood -m limit --limit 7/s --limit-burst 20 -j RETURN
iptables -A conn-flood -j DROP
# Accept one ICMP packet per second and drop the rest
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
IPs are limited to 7 connections/sec, and overall 20 open connections (+1 ICMP). You can likely reduce these without causing lag. With 3/sec a website will lag a bit if it has lots of images and CSS files.
You can also use this. It is the same as above, except that it limits the number of connections on all ports and protocols within a time window: in this case, 19 connections over 3 seconds.
# Record the source address of every accepted TCP packet in the "recent" list
iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
# Inserted above the previous rule: drop a new connection from a source already seen 20 times within 3 seconds
iptables -I INPUT -p tcp -m state --state NEW -m recent --update --seconds 3 --hitcount 20 -j DROP
Note that this does not prevent bandwidth-bound attacks or attacks where the origin can be spoofed, e.g. SYN floods and UDP floods.
To save, run one of the following (one of them will fail; which one is correct depends on the distro):
/etc/init.d/iptables save
OR
/etc/rc.d/iptables save
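The practical difference between the two rule sets above is where the counter lives: the `limit` match keeps one token bucket shared by every source, while the `recent` match keeps a stamp list per source address. The following offline model is an added example, not the post's own code: it replays a constructed SYN trace (a flooding source at 100 SYN/s and a browser opening five connections, using RFC 5737 documentation addresses) through a simplified version of each matcher and counts what would be accepted and dropped. Timestamps are integer milliseconds, the bucket uses exact arithmetic, and the `recent` threshold follows the post's reading (19 pass, the 20th is dropped).

```python
"""Offline model of the two rate-limiters in the post (added example, not the post's code):
  * -m limit --limit 7/s --limit-burst 20         -> one token bucket shared by all sources
  * -m recent --update --seconds 3 --hitcount 20  -> a per-source sliding window
The packet trace below is constructed, not captured."""
from collections import deque
from fractions import Fraction


class LimitMatch:
    """Token bucket approximating `-m limit`: starts full with `burst` tokens,
    refills at `rate_per_sec`, and is shared by every source address."""

    def __init__(self, rate_per_sec, burst):
        self.rate_per_ms = Fraction(rate_per_sec, 1000)  # exact, no float drift
        self.burst = Fraction(burst)
        self.tokens = Fraction(burst)
        self.last_ms = 0

    def allow(self, src, t_ms):
        # `src` is ignored on purpose: the match keeps a single bucket for all addresses
        self.tokens = min(self.burst, self.tokens + (t_ms - self.last_ms) * self.rate_per_ms)
        self.last_ms = t_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True   # matched -> -j RETURN, the SYN is accepted
        return False      # no match -> falls through to -j DROP


class RecentMatch:
    """Per-source sliding window approximating the `-m recent` rule pair: every SYN
    from an address is stamped, and a SYN is dropped when it would be the
    `hitcount`-th stamp within the last `seconds` (19 pass, the 20th is dropped)."""

    def __init__(self, seconds, hitcount):
        self.window_ms = seconds * 1000
        self.hitcount = hitcount
        self.stamps = {}  # src -> bounded deque of stamps (xt_recent bounds its list too)

    def allow(self, src, t_ms):
        q = self.stamps.setdefault(src, deque(maxlen=self.hitcount))
        while q and t_ms - q[0] > self.window_ms:
            q.popleft()  # expire stamps that fell out of the window
        allowed = len(q) + 1 < self.hitcount
        # --update refreshes the stamps of a dropped SYN as well, so a source that
        # keeps flooding stays blocked until it pauses for a whole window
        q.append(t_ms)
        return allowed


def build_trace():
    """Constructed trace: 198.51.100.7 floods at 100 SYN/s for 4 s while
    203.0.113.5 opens five connections half a second apart."""
    trace = [("198.51.100.7", t) for t in range(0, 4000, 10)]
    trace += [("203.0.113.5", t) for t in (505, 1005, 1505, 2005, 2505)]
    trace.sort(key=lambda pkt: pkt[1])
    return trace


def run(matcher, trace):
    """Feed the trace through one matcher; return {src: (accepted, dropped)}."""
    result = {}
    for src, t in trace:
        acc, drop = result.get(src, (0, 0))
        if matcher.allow(src, t):
            acc += 1
        else:
            drop += 1
        result[src] = (acc, drop)
    return result


def compare():
    """Run the same trace through both models with the post's parameters."""
    trace = build_trace()
    return {
        "limit": run(LimitMatch(7, 20), trace),
        "recent": run(RecentMatch(3, 20), trace),
    }


if __name__ == "__main__":
    for name, per_src in compare().items():
        print(name)
        for src, (acc, drop) in sorted(per_src.items()):
            print(f"  {src:15} accepted={acc:3} dropped={drop:3}")
```

With the shared bucket, the flooding source exhausts the 20-token burst within a quarter of a second and then takes every refilled token, so all five of the browser's SYNs are dropped along with the flood; with the per-source window, the flood is cut off after 19 SYNs and the browser's five connections all go through. Two simplifications to keep in mind when comparing this with the real rules: the model only stamps SYNs, whereas the `--set` rule above records every accepted TCP packet (NEW and ESTABLISHED), so data packets of open connections count toward the hitcount too; and, as the post already notes, neither counter helps when the source address is spoofed, since a per-source list can be filled with addresses that never reply.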