Our server (Ubuntu) is running multiple services like: web server, FTP, SSH, Teamspeak, DNS etc. We have 100Mbit connection, but the problem is sometimes there is attacker who is DOSing our server so it takes all the 100Mbits and disconnects us. Its most likely UDP DOS to Teamspeak but I didn't get any confirmation since it disconnects me from SSH before I could actually do anything. Here comes my question: is there a way to limit bandwidth based on remote IP address?
I've read bit about iptables and tc but I don't understand it well enough. Or are there any other methods to prevent us disconnecting from SSH?
The server is also running CSF.
The best option would be to use a hardware firewall to do this, but if this is not possible then hopefully you can configure your software firewall to block the attack or restrict bandwidth per IP as you say, I've only done this with hardware firewalls so hopefully someone can post here with instructions for CSF.
█ Accelerated Hosting - From Constant Internet
█ Automatically serving your website from the nearest server
█ Get hosted on our global network! America / Europe / Asia
MMrs do you have graphs or similar that indicate you are indeed maxing out at 100Mb/s ?
If you are then your provider will need to filter the IP/IPs via ACLs or similar, a firewall will not help more than a router/switch with ACLs unless it is had DDOS features and its own ports do not get saturated by the attack.
If you are not sure if you are hitting the 100Mb/s limit ask your provider for graphs, if you are not then you can typically filter it via iptables but you need to confirm if the port is saturated or not via graphs before moving in any direction.
I don't rely want pay for hardware firewall because its not long attack, it only happens at weekend nights when our teamspeak is active and I and its purpose is to disconnect all users from teamspeak server.
Yes I am sure it hits 100Mb/s, both my providers and my own bandwidth graphs are showing it. Its probably not DDOS at max it might be 5-6 computers attacking.