1. Mitigate SYN flood attacks
Limit the rate at which new SYN packets are accepted (adjust the rate and burst to your traffic; 1/s with a burst of 4 is far too low for a busy server). Note that this limit is global, not per source: once the budget is spent, legitimate clients lose new connections as well. Make sure the kernel's SYN cookies are enabled (net.ipv4.tcp_syncookies = 1) as the first line of defence, and treat these rules as a supplement.
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
Or limit the number of concurrent connections a single IP may open (connlimit counts per source address by default; the interface name eth0 is only an example):
iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP
2. Limit the connections of a single IP
Limit the number of concurrent connections one source IP may hold on port 80 (adjust 15 to your needs; -I inserts the rule at the top of INPUT so it is evaluated before anything appended with -A):
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 15 -j DROP
3. Block ping floods
These rules silently drop every inbound echo request, so ping stops working as a diagnostic tool for you as well. The OUTPUT rule is belt and braces: once requests are dropped, the host never generates replies. If you want ping to keep working while blunting floods, rate-limit echo-request with -m limit (as in section 1) instead of dropping it outright.
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
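Sections 1 to 3 add rules one at a time with iptables -A / -I, which leaves the host in a half-configured state between commands. The script below is an added example, not code from the original page: it assembles the same rules into one iptables-restore fragment for the filter table so they can be checked and loaded atomically. The thresholds it takes as arguments (25 SYN/s, burst 50, 15 connections) and the interface name eth0 are assumptions; the function only validates and prints the ruleset, so it runs without root.

```shell
#!/bin/sh
# Added example: build the SYN-rate, per-IP connection and ping rules from
# this page as an iptables-restore fragment. Thresholds are assumptions.

# build_ruleset RATE BURST SYN_PER_IP HTTP_PER_IP
# Prints a filter-table fragment on stdout; returns 1 on malformed input.
build_ruleset() {
    rate=${1:-25/s}
    burst=${2:-50}
    syn_per_ip=${3:-15}
    http_per_ip=${4:-15}

    # Reject anything that is not a plain integer before it reaches iptables.
    for v in "$burst" "$syn_per_ip" "$http_per_ip"; do
        case $v in
            ''|*[!0-9]*) echo "build_ruleset: limits must be integers, got '$v'" >&2; return 1 ;;
        esac
    done
    # -m limit accepts N/second, N/minute, N/hour, N/day (and the one-letter forms).
    case $rate in
        [0-9]*/second|[0-9]*/s|[0-9]*/minute|[0-9]*/m|[0-9]*/hour|[0-9]*/h|[0-9]*/day|[0-9]*/d) ;;
        *) echo "build_ruleset: rate must look like 25/s, got '$rate'" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
# Section 1: global SYN rate limit; SYNs beyond rate+burst are dropped.
-A INPUT -p tcp --syn -j syn-flood
-A syn-flood -m limit --limit $rate --limit-burst $burst -j RETURN
-A syn-flood -j DROP
# Section 1 (alternative) and 2: cap concurrent connections per source /32.
-A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above $syn_per_ip --connlimit-mask 32 -j DROP
-A INPUT -p tcp --dport 80 -m connlimit --connlimit-above $http_per_ip --connlimit-mask 32 -j DROP
# Section 3: drop inbound echo requests (and, redundantly, outbound replies).
-A INPUT -p icmp --icmp-type echo-request -j DROP
-A OUTPUT -p icmp --icmp-type echo-reply -j DROP
COMMIT
EOF
}

# Print the ruleset with the default (assumed) thresholds.
build_ruleset
```

Parse it first with `build_ruleset 25/s 50 15 15 | iptables-restore --test` (as root; --test only parses and constructs the ruleset without committing it), then load it without --test. iptables-restore replaces the whole filter table unless you pass --noflush, so any other rules the host needs must be part of the same file.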
4. Common operations
Delete all rules (set the policy to ACCEPT first, so a DROP default policy does not lock you out the moment the rules are flushed; -F only flushes the filter table, and user-defined chains such as syn-flood must be removed separately with iptables -X):
iptables -P INPUT ACCEPT
iptables -F
Delete a specific rule by its position (list with line numbers first; deleting a rule renumbers every rule below it, so re-list before deleting another):
iptables -L -n --line-numbers
iptables -D INPUT line_number_here
Save and restart (these service commands come from the RHEL/CentOS iptables init script; on other distributions write the rules out with iptables-save and load them with iptables-restore, or use the distribution's persistence package):
service iptables save
service iptables restart
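Deleting by line number is easy to get wrong when more than one rule has to go: removing rule 2 shifts the old rule 3 into slot 2, so a loop that deletes low-to-high removes the wrong rules. The script below is an added example (not from the original page) that parses `iptables -L -n --line-numbers` output, picks the rules in a chain whose line matches a pattern, and emits the delete commands highest number first. The listing it works on is constructed to look like the output of the rules in sections 1 to 3, not captured from a real host; the RUN variable is an assumption of this script.

```shell
#!/bin/sh
# Added example: delete rules by number without being bitten by renumbering.

# rule_numbers CHAIN PATTERN
# Reads an "iptables -L -n --line-numbers" listing on stdin and prints the
# numbers of the rules in CHAIN whose line matches the extended-regex
# PATTERN, highest first.
rule_numbers() {
    awk -v chain="$1" -v pat="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $1 ~ /^[0-9]+$/ && $0 ~ pat { print $1 }
    ' | sort -rn
}

# delete_matching CHAIN PATTERN
# Prints the "iptables -D" commands in a safe order; set RUN=1 to execute
# them instead (needs root). Stdin must carry the listing.
delete_matching() {
    for n in $(rule_numbers "$1" "$2"); do
        if [ "${RUN:-0}" = 1 ]; then
            iptables -D "$1" "$n"
        else
            echo "iptables -D $1 $n"
        fi
    done
}

# Constructed sample listing in the format of "iptables -L -n --line-numbers";
# not captured from a real machine.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    syn-flood  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            #conn src/32 > 15
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 #conn src/32 > 15
4    DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 0

Chain syn-flood (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 4
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Remove both per-IP connlimit rules from INPUT: rule 3 is deleted before rule 2.
echo "$SAMPLE_LISTING" | delete_matching INPUT '#conn'
```

Without RUN=1 the script only prints the commands, which is a convenient way to review what would be removed; on a real host feed it `iptables -L -n --line-numbers | delete_matching INPUT '#conn'` instead of the sample listing.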