iptables tips & tricks

iptables is the userspace tool for configuring the Linux kernel packet filter (netfilter); the rules below filter packets by connection rate and by TCP flag combinations.

# Mitigate a SYN-flood DoS by limiting new connections to 12/s (burst of 24); excess SYNs are dropped
iptables -t nat -N syn-flood
# Up to 12 SYNs/s (24 in a burst) pass back to the calling chain; the limit match fails for the rest
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
# Send only new-connection (SYN) packets arriving on the public interface for the protected host to the chain
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood

Note that $DEST_IP is the destination IP address of the packet (the host being protected) and $EXT_IFACE is the firewall's public-facing interface. These rules live in the nat table, which is consulted only for the first packet of each connection; that is enough here because the rule matches only SYN packets, but the filter table is the usual place for DROP rules.

# Drop Xmas packets (every TCP flag set) and NULL packets (no flags set): malformed packets used in port scans, never seen in legitimate traffic
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t nat -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
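The same rule set as an added example (not the original post's commands): moved to the filter table, loaded idempotently, and with a rate-limited LOG rule so drops show up in the kernel log. The interface eth0, the host 203.0.113.10 and the FORWARD chain are assumed placeholders; set IPT=echo to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the original post: the SYN-flood and Xmas/NULL
# rules placed in the filter table (where DROP belongs and every packet is
# inspected; the nat table only sees a connection's first packet), loaded
# idempotently, plus a rate-limited LOG rule so drops reach the kernel log.
# Assumed values: interface eth0, protected host 203.0.113.10 (documentation
# range), base chain FORWARD. IPT=echo prints the commands instead.
IPT="${IPT:-iptables}"
CHAIN_NAME="syn-flood"

# Emit the rules for IFACE, DEST_IP and base CHAIN (FORWARD for traffic
# routed through the firewall, INPUT for the firewall itself), one per line.
syn_flood_rules() {
    iface="$1"; dest="$2"; chain="${3:-FORWARD}"
    cat <<EOF
-A $CHAIN_NAME -m limit --limit 12/s --limit-burst 24 -j RETURN
-A $CHAIN_NAME -m limit --limit 1/s --limit-burst 5 -j LOG --log-prefix SYN-FLOOD-DROP:
-A $CHAIN_NAME -j DROP
-I $chain 1 -p tcp --tcp-flags ALL ALL -j DROP
-I $chain 2 -p tcp --tcp-flags ALL NONE -j DROP
-I $chain 3 -i $iface -d $dest -p tcp --syn -j $CHAIN_NAME
EOF
}

# Number of rules the generator emits, for a sanity check before applying.
rule_count() { syn_flood_rules "$@" | grep -c .; }

# Create the custom chain (or flush it if it already exists), then load the
# rules. Base-chain rules are inserted only if not already present (-C).
apply_rules() {
    $IPT -N "$CHAIN_NAME" 2>/dev/null || $IPT -F "$CHAIN_NAME"
    syn_flood_rules "$@" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        case "$rule" in
            "-I "*) set -- $rule; chain="$2"; pos="$3"; shift 3
                    $IPT -C "$chain" "$@" 2>/dev/null \
                        || $IPT -I "$chain" "$pos" "$@" ;;
            *)      $IPT $rule ;;
        esac
    done
}

# Apply only when explicitly requested, e.g.:  APPLY=1 sh synflood.sh
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules eth0 203.0.113.10 FORWARD
fi
```

Dropped packets appear in the kernel log with the SYN-FLOOD-DROP: prefix, which is what a log-based alert should key on.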
