Some tips about iptables

1.Avoid syn attack

Limited syn request speed:(specify the speed of yours)

iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP

iptables -N syn-flood

iptables -A INPUT -p tcp --syn -j syn-flood

iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN

iptables -A syn-flood -j DROP

Or limit max syn connetions of single IP:

iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP

1	iptables -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 15 -j DROP

2.Avoid the connetions of an IP

Specify the connections of yours:

iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 15 -j DROP

1	iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 15 -j DROP

3.Avoid ping attack

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

1 2	iptables -A INPUT -p icmp --icmp-type echo-request -j DROP iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP

4.Some operations

Delete all rules:

iptables -P INPUT ACCEPT
iptables -F

1 2	iptables -P INPUT ACCEPT iptables -F

Delete the specified rule:

iptables -L -n --line-number
iptables -D INPUT line_number_here

1 2	iptables -L -n --line-number iptables -D INPUT line_number_here

Save and restart:

service iptables save
service iptables restart

1 2	service iptables save service iptables restart

Some tips about iptables

1.Avoid syn attack

3.Avoid ping attack

4.Some operations

发表评论 取消回复

发表评论取消回复