Tag Archives: iptables

protect 80 port from syn

Leave a reply

iptables -A INPUT -j ACCEPT -p tcp –dport 80 -m state –state NEW -m limit –limit 40/s –limit-burst 5 -m comment –comment ‘Allow incoming HTTP’
iptables -A INPUT -j ACCEPT -p tcp –dport 443 -m state –state NEW -m limit –limit 40/s –limit-burst 5 -m comment –comment ‘Allow incoming HTTPS’

Also useful:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j ACCEPT -m state –state RELATED,ESTABLISHED -m limit –limit 100/s –limit-burst 50

syn flood plus a GET flood requests

Leave a reply

iptables -F
iptables -X
iptables -N ATTACKED
iptables -N ATTK_CHECK
iptables -N SYN_FLOOD
iptables -A INPUT -p tcp ! –syn -m state –state NEW -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p tcp –tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp –syn -j SYN_FLOOD
iptables -A SYN_FLOOD -p tcp –syn -m hashlimit –hashlimit 100/sec –hashlimit-burst 3 –hashlimit-htable-expire 3600 –hashlimit-mode srcip –hashlimit-name synflood -j ACCEPT
iptables -A SYN_FLOOD -j ATTK_CHECK
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp –dport 80 -m recent –update –seconds 1800 –name BANNED –rsource -j DROP
iptables -A INPUT -p tcp -m tcp –dport 80 -m state –state NEW -j ATTK_CHECK
iptables -A ATTACKED -m limit –limit 5/min -j LOG –log-prefix “IPTABLES (Rule ATTACKED): ” –log-level 7
iptables -A ATTACKED -m recent –set –name BANNED –rsource -j DROP
iptables -A ATTK_CHECK -m recent –set –name ATTK
iptables -A ATTK_CHECK -m recent –update –seconds 180 –hitcount 20 –name ATTK –rsource -j ATTACKED
iptables -A ATTK_CHECK -m recent –update –seconds 60 –hitcount 6 –name ATTK –rsource -j ATTACKED
iptables -A ATTK_CHECK -j ACCEPT