Create connection limits for any users using a very basic script in the firewall area as shown below iptables -I FORWARD -p tcp –syn -m iprange –src-range 10.212.1.100-10.212.3.200 -m connlimit –connlimit-above 60 -j DROP iptables -I FORWARD -p tcp –syn -m iprange –src-range 10.212.3.1-10.212.3.254 -m connlimit –connlimit-above 60 -j DROP iptables -I FORWARD -m
Tag Archives: iptables
Prevent DOS with iptables
After a recent conversation on the Ubuntu Forums I wanted to post an example of using iptables.
Of course there are several types of DOS attacks , in this post I will demonstrating the use if iptables to limit the traffic on port 80.
The goal is to keep your web server “responsive” to legitimate traffic, but to throttle back on excessive (potential DOS) traffic.
In this demonstration iptables is configured :
- The default policy is ACCEPT (to prevent lockout in the event of flushing the rules with iptables -F).
- “Legitimate” traffic is then allowed. In this example I am allowing traffic only on port 80.
- All other traffic is then blocked at the end of the INPUT chain (the final rule in the INPUT chain is to DROP all traffic).
Table of Contents
- Basic Networking Concepts
- Anatomy of iptables
- Using iptables for Filtering
- Saving your configuration
- Additional Tips
- NAT – Network Allocation Table
The man who wears robes made from rags off the dust heap, who is gaunt, with his sinews standing out all over his body, alone meditating in the forest – that is what I call a brahmin.