IPTables

  #1  
Old 04-23-2012, 01:10 AM
atomiclayer atomiclayer is offline
WHT Addict
 
Join Date: Feb 2012
Posts: 139

IPTables


What rules can I place into iptables to block SYN floods?

This is what I got currently:

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP



  #2  
Old 04-23-2012, 03:25 AM
VectorVPS VectorVPS is offline
(formerly WhichGunDotCom)
 
Join Date: Jun 2011
Location: Woodbridge, NJ
Posts: 748
Try this:

Code:
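# create new chain
iptables -N syn-flood

# send incoming TCP connection attempts (SYN packets) through the chain
iptables -A INPUT -p tcp --syn -j syn-flood

# packets within the limit return to INPUT for normal processing
iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN

# log attacks
iptables -A syn-flood -j LOG --log-prefix "SYN flood: "

# silently drop the rest
iptables -A syn-flood -j DROP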

  #3  
Old 04-23-2012, 08:46 AM
EvolutionCrazy EvolutionCrazy is offline
Web Hosting Master
 
Join Date: May 2006
Location: Italy
Posts: 594
You could also make use of hashlimit in front of recent in order to block only the attacker's IP without blocking legit users.

__________________
Marco Padovan
HiperZ.com - providing premium gameservers and fulfilling any kind of hosting needs in Europe/USA.
DDoS protections & general consultancy / linux servers management specialists
We provide custom system administration help - Bitcoin Accepted
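
An added example (not code from any poster in this thread) of the hashlimit-in-front-of-recent arrangement suggested in the reply above: hashlimit keeps one rate bucket per source IP, and a source that exceeds it is put on a recent list that drops its further SYNs. The chain name `syn-guard`, the list names `synflood` and `synrate`, the `IPT` dry-run variable and the 60-second block time are assumptions; the rate and burst reuse the values from the earlier reply.

```shell
#!/bin/sh
# Added example: per-source SYN limiting, hashlimit feeding a recent list.
# IPT defaults to a dry run that only prints each command; set IPT=iptables
# (as root) to apply them. Chain and list names are assumptions.
IPT="${IPT:-echo iptables}"

# syn_guard RATE BURST BLOCK_SECONDS   e.g. syn_guard 10/second 50 60
syn_guard() {
    rate="$1"; burst="$2"; block="$3"

    # Validate input before touching the firewall: RATE is N/unit,
    # BURST and BLOCK_SECONDS are plain integers.
    num="${rate%%/*}"; unit="${rate#*/}"
    case "$num" in ''|*[!0-9]*) echo "bad rate: $rate" >&2; return 1 ;; esac
    case "$unit" in second|minute|hour|day) ;;
        *) echo "bad rate unit: $rate" >&2; return 1 ;; esac
    for n in "$burst" "$block"; do
        case "$n" in ''|*[!0-9]*) echo "bad number: $n" >&2; return 1 ;; esac
    done

    $IPT -N syn-guard || return 1

    # 1. A source already on the list stays blocked; --update restarts its
    #    timer each time it sends another SYN within BLOCK_SECONDS.
    $IPT -A syn-guard -m recent --name synflood --update --seconds "$block" -j DROP

    # 2. One bucket per source IP. Matches are evaluated left to right, so
    #    only a source above RATE reaches "--set" and gets listed.
    $IPT -A syn-guard -m hashlimit --hashlimit-name synrate --hashlimit-mode srcip \
        --hashlimit-above "$rate" --hashlimit-burst "$burst" \
        -m recent --name synflood --set -j DROP

    # 3. Sources within their own limit continue through INPUT.
    $IPT -A syn-guard -j RETURN

    # Only new connection attempts enter the chain.
    $IPT -A INPUT -p tcp --syn -j syn-guard
}
```

`syn_guard 10/second 50 60` prints the commands; rerun with `IPT=iptables` as root to apply them. Per-source blocking assumes the SYNs carry real source addresses, since a spoofed flood would list whatever addresses the sender chose.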
