Iptables rules

#1  02-05-2012, 03:49 PM  gmakhs

Hello, I'm using these rules to block incoming UDP floods but it doesn't really stop anything...

iptables -A INPUT -p udp --dport 27015 --limit 10/s --limit-burst 20 -j DROP

Is there any way to use this command in an auto-block-IP way? Like, if they send more than 20 packets per sec it will block the incoming IP?

#2  02-05-2012, 04:06 PM  jpou
Try jumping to the LOG target to see if this rule matches, and then from the LOG target jump to DROP.

#3  02-05-2012, 04:08 PM  jpou
(Edit not working)...

Try:

iptables -A INPUT -p udp --dport 27015 -m limit --limit 10/s --limit-burst 20 -j DROP

#4  02-05-2012, 04:11 PM  gmakhs
Quote: Originally Posted by jpou
(Edit not working)...

Try:

iptables -A INPUT -p udp --dport 27015 -m limit --limit 10/s --limit-burst 20 -j DROP
I'm gonna try, but I get a huge flood so the CPU passes out.. that's why I'm looking for an auto block IP.

#5  02-05-2012, 04:20 PM  gmakhs
It's not working.. it's still possible to get flooded.

#6  02-05-2012, 04:35 PM  infinitnet
Code:
iptables -A INPUT -p udp -m limit --limit 4/s --limit-burst 5 -j DROP

#7  02-05-2012, 04:43 PM  gmakhs
Neither does this work; if I flood my server with UDP packets it still goes offline... Isn't there any way to block an incoming IP when it passes the limits?

#8  02-05-2012, 04:47 PM  infinitnet
These rules should actually block all further requests, if they're above 5/sec. You can try a different strategy:

Code:
iptables -A INPUT -p udp -m udp -m state --state NEW -m recent --update --seconds 30 --hitcount 10 --name UDPFLOOD --rsource -j DROP
iptables -A INPUT -p udp -m udp -m state --state NEW -m recent --set --name UDPFLOOD --rsource

#9  02-05-2012, 06:20 PM  gmakhs
Applied both codes, I'm still able to flood.

#10  02-05-2012, 07:18 PM  gmakhs
If I block the IP I can't get flooded more from this IP; if I block just packets it can still hit me.

#11  02-05-2012, 10:42 PM  gmakhs
Edit: using this command right, I manage to limit the outgoing UDP data. But the incoming is still passing through; that's weird because I'm using the same rules for both and I only change INPUT/OUTPUT.

#12  02-06-2012, 04:24 AM  jpou
Give us your full iptables (iptables -L -n). Since you are appending rules, you might have a rule that accepts all packets before your UDP rate-limiting rule kicks in.

#13  02-06-2012, 10:51 AM  gmakhs
Code:
# Generated by iptables-save v1.3.5 on Mon Feb  6 01:56:49 2012
*mangle
:PREROUTING ACCEPT [59798:12123623]
:INPUT ACCEPT [23894:1338161]
:FORWARD ACCEPT [35900:10784546]
:OUTPUT ACCEPT [15151:3677743]
:POSTROUTING ACCEPT [51051:14462289]
-A INPUT -p udp   -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j DROP
-A INPUT -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j DROP
-A FORWARD -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A FORWARD  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A OUTPUT -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A OUTPUT  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A PREROUTING -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A PREROUTING  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A POSTROUTING -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A POSTROUTING  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A INPUT -p udp -m udp -m recent --update --seconds 30 --hitcount 10 --name UDPFLOOD --rsource -j  DROP
-A INPUT -p udp -m udp -m recent --set --name UDPFLOOD --rsource
-A FORWARD -p udp -m udp -m recent --update --seconds 30 --hitcount 10 --name UDPFLOOD --rsource -j DROP
-A FORWARD -p udp -m udp -m recent --set --name UDPFLOOD --rsource
COMMIT
# Completed on Mon Feb  6 01:56:49 2012
# Generated by iptables-save v1.3.5 on Mon Feb  6 01:56:49 2012
*filter
:INPUT ACCEPT [8220:397460]
:FORWARD ACCEPT [35900:10784546]
:OUTPUT ACCEPT [15153:3678123]
-A INPUT -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j DROP
-A INPUT -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j DROP
-A FORWARD -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A FORWARD  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A OUTPUT -p udp -m state --state NEW -m limit --limit 6/sec --limit-burst 10 -j  DROP
-A OUTPUT  -p udp -m state --state ESTABLISHED -m limit --limit 6/sec --limit-burst 10 -j DROP
-A INPUT -p udp -m udp -m recent --update --seconds 30 --hitcount 10 --name UDPFLOOD --rsource -j  DROP
-A INPUT -p udp -m udp -m recent --set --name UDPFLOOD --rsource
COMMIT
# Completed on Mon Feb  6 01:56:49 2012
That's my rules....

and here is iptables -L -n

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state NEW limit: avg 6/sec burst 10
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED limit: avg 6/sec burst 10
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp recent: UPDATE seconds: 30 hit_count: 10 name: UDPFLOOD side: source
           udp  --  0.0.0.0/0            0.0.0.0/0           udp recent: SET name: UDPFLOOD side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state NEW limit: avg 6/sec burst 10
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED limit: avg 6/sec burst 10

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state NEW limit: avg 6/sec burst 10
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           state ESTABLISHED limit: avg 6/sec burst 10


#14  02-06-2012, 08:44 PM  infinitnet
Execute the following commands and try it then. The rules are correct, I see no reason why they shouldn't work:

Code:
iptables --flush
iptables -N udp-flood
iptables -A udp-flood -p udp -m limit --limit 1/sec -j ACCEPT
iptables -A udp-flood -j DROP
iptables -A INPUT -j udp-flood

#15  02-06-2012, 08:49 PM  gmakhs
This drops SSH access.... I'm gonna add the SSH accept first.

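A ruleset that does what posts #8, #12 and #14 circle around (per-source auto-block, with rule order that cannot lock out SSH the way post #15 hit), written as an added example that is not code from the thread. It assumes the game port UDP 27015 from the thread, sshd on TCP 22, and an iptables new enough for `-m conntrack` and `--hashlimit-above` (newer than the 1.3.5 in post #13).

```shell
#!/bin/sh
# Added example, not code from the thread: build an iptables-restore ruleset
# that auto-blocks a UDP source once it exceeds a per-IP packet rate, and
# accepts SSH before anything can drop it. Load as root only after
# verify_ruleset succeeds:   build_ruleset | iptables-restore
# Assumptions: game traffic on UDP 27015 (from the thread), sshd on TCP 22,
# iptables >= 1.4 with the conntrack and hashlimit matches (--hashlimit-above).

GAME_PORT=27015   # UDP service port from the thread
SSH_PORT=22       # assumed sshd port; adjust before loading
RATE=20           # packets/sec per source IP before it is blocked (OP's threshold)
BURST=40          # short bursts above RATE tolerated before blocking
BLOCK_SECS=30     # a listed source stays blocked while it keeps sending and
                  # for this long after it goes quiet (window from post #8)

# Order is the whole point: the first matching rule in a chain wins. The UDP
# check is reached before the ESTABLISHED accept (UDP conntrack would otherwise
# let a replied-to flood source skip it), and inside UDPFLOOD-CHECK the
# "already blocked?" --update rule precedes the rule that lists new offenders.
build_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:UDPFLOOD-CHECK - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --dport $GAME_PORT -j UDPFLOOD-CHECK
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A UDPFLOOD-CHECK -m recent --name UDPFLOOD --rsource --update --seconds $BLOCK_SECS -j DROP
-A UDPFLOOD-CHECK -m hashlimit --hashlimit-name udpflood --hashlimit-mode srcip --hashlimit-above $RATE/sec --hashlimit-burst $BURST -m recent --name UDPFLOOD --rsource --set -j DROP
-A UDPFLOOD-CHECK -j ACCEPT
COMMIT
EOF
}

# Line number of the first ruleset line matching a pattern (empty if absent).
rule_index() { build_ruleset | grep -n -- "$1" | head -n 1 | cut -d: -f1; }

# Returns 0 when the ordering invariants described above hold, non-zero otherwise.
verify_ruleset() {
  ssh=$(rule_index "dport $SSH_PORT .* -j ACCEPT")
  udp=$(rule_index "dport $GAME_PORT -j UDPFLOOD-CHECK")
  est=$(rule_index "ESTABLISHED,RELATED -j ACCEPT")
  upd=$(rule_index "recent .* --update .* -j DROP")
  add=$(rule_index "recent .* --set -j DROP")
  [ -n "$ssh" ] && [ "$udp" -lt "$est" ] && [ "$upd" -lt "$add" ]
}
```

Dropping in INPUT only spares the CPU and the game process; the packets still arrive on the wire, so a flood that fills the uplink (the thread's "still goes offline") has to be filtered upstream. Set RATE above a legitimate client's packet rate or you will block your own players, and note that xt_recent keeps at most ip_list_tot addresses (default 100), so a spoofed-source flood cycles entries out of the list.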