Thread: Attack on server

  1. #7
    Global Mossaderator Mitch
    Quote: Originally Posted by DaWe
    He is sending it from like 40k IP addresses in a few seconds and the addresses are changing all the time. Also all IP addresses are spoofed (faked).
    Rate limiting via iptables might work better with that amount of traffic.

    e.g.
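    Code:
    # QUERY-BLOCK: remember the source in "blocked-hosts" and drop the packet
    iptables -N QUERY-BLOCK
    iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
    # QUERY-CHECK: leave packets without "getstatus" at bytes 32-41 alone
    iptables -N QUERY-CHECK
    iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
    # drop sources that were blocked within the last 30 seconds
    iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
    # block sources sending more than 15 queries per second
    iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 15/second -j QUERY-BLOCK
    # send UDP traffic for the game ports through the check
    iptables -A INPUT -p udp --dport 27960:29000 -j QUERY-CHECK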
    You could also try to only allow valid traffic e.g.

    Code:
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP # syn flood
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP # bogus TCP Flags
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p icmp -j ACCEPT
    iptables -A INPUT -p udp -m udp --dport 28960 -j ACCEPT
    # ACCEPT all ports (+ used protocol) you are using for incoming traffic
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # accepts traffic requested by your server
    Last edited by Mitch; 9th September 2017 at 12:30.
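
Added example (not part of Mitch's post): a small Python model of the QUERY-CHECK chain above, showing where bytes 32 to 41 fall in a packet and how the per-source limit treats one fast source compared with many sources sending one packet each. It assumes the query payload is four 0xFF bytes followed by `getstatus`, a 20-byte IP header with no options, and hashlimit's default burst of 5; the packets and source IDs are constructed.

```python
import struct

OOB = b"\xff\xff\xff\xff"  # assumed 4-byte marker that precedes the query text

def build_packet(payload):
    """Constructed IPv4 header (20 bytes, no options) + UDP header (8) + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17,
                     0, bytes(4), bytes(4))
    return ip + struct.pack("!HHHH", 40000, 28960, 8 + len(payload), 0) + payload

def is_getstatus(packet):
    # Model of: -m string --string "getstatus" --from 32 --to 41
    # 20 (IP) + 8 (UDP) + 4 (marker) = 32, and the 9-byte pattern ends at 41.
    return packet[32:41] == b"getstatus"

class QueryCheck:
    """Simplified model of the QUERY-CHECK / QUERY-BLOCK chains."""
    RATE, BURST, BLOCK_SECS = 15.0, 5.0, 30.0  # burst 5 is the hashlimit default

    def __init__(self):
        self.buckets = {}  # src -> (tokens, last packet time): hashlimit state
        self.blocked = {}  # src -> last seen time: the "blocked-hosts" list

    def verdict(self, src, packet, now):
        if not is_getstatus(packet):
            return "RETURN"                      # rule 1: not a status query
        seen = self.blocked.get(src)
        if seen is not None and now - seen <= self.BLOCK_SECS:
            self.blocked[src] = now              # rule 2: --update restarts the 30 s
            return "DROP"
        tokens, last = self.buckets.get(src, (self.BURST, now))
        tokens = min(self.BURST, tokens + (now - last) * self.RATE)
        if tokens < 1.0:                         # rule 3: above 15/second
            self.buckets[src] = (tokens, now)
            self.blocked[src] = now              # QUERY-BLOCK: --set, then DROP
            return "DROP"
        self.buckets[src] = (tokens - 1.0, now)
        return "RETURN"                          # falls off the chain, back to INPUT

def simulate(sources, pps, seconds=1.0):
    """Send pps queries per second, round-robin over sources; return (dropped, total)."""
    chain, pkt, dropped = QueryCheck(), build_packet(OOB + b"getstatus\n"), 0
    total = int(pps * seconds)
    for i in range(total):
        if chain.verdict(sources[i % len(sources)], pkt, i / pps) == "DROP":
            dropped += 1
    return dropped, total

if __name__ == "__main__":
    print("one source, 1000 pps:", simulate(["src-0"], 1000))
    print("40000 sources, one packet each:", simulate(list(range(40000)), 40000))
```

In this model the single fast source is cut off after its first five queries, while traffic in which every packet carries a different source address never trips the per-source limit. An aggregate limit on the port (hashlimit without the srcip mode, or `-m limit`) is the control to pair with it in that case.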
