Iptables: Block IP that makes more requests in a certain time
In order to protect from a small DoS attack I want to learn if I can give in iptables a rule that says the following for INPUT requests.
"If an IP makes more than one request in a certain time (predefined time, e.g. 1 sec), block this IP", with no specific IP.
All examples I have found give this rule with a certain IP.
Can I give this as a general rule for all IPs?
If yes, can you give an example?
Thanks in advance.
You can use a script like SYN Deflate to block IPs with too many connections, BARF to block HTTP floods, and something like "iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above 25 -j REJECT --reject-with tcp-reset" to limit connections, and "iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT" to limit new SYN connections per second/minute. Furthermore, you should tweak your kernel settings:
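The question asks for a rule that applies to every source address rather than to one named IP. Of the matches in the answer above, "connlimit" already counts per source address (concurrent connections), whereas "-m limit" keeps a single counter for all sources together. The per-IP, per-time-window behaviour the question describes comes from the "hashlimit" match (a token bucket keyed on source IP) or the "recent" match (a sliding window of hits per source). The script below is an added example written for this page; it is not code from the original thread, SYN Deflate or BARF. It assumes the hashlimit and recent modules are present in the kernel, and the port (80), rates, list names and the chain name RATELIMIT are illustrative values chosen here.

```shell
#!/bin/sh
# Added example, not code from the original thread. Per-source-IP limiting of
# new TCP connections with iptables, using the hashlimit and recent matches
# (assumed available). Port, rates and names are illustrative values.
#
# Usage:  sh ratelimit.sh apply | recent | remove | status
#         IPT=echo sh ratelimit.sh apply     # dry run: print commands only

IPT="${IPT:-iptables}"
PORT="${PORT:-80}"         # TCP service to protect (assumed)
RATE="${RATE:-10/sec}"     # sustained new-connection rate allowed per source IP
BURST="${BURST:-20}"       # extra connections one IP may use in a short burst
WINDOW="${WINDOW:-1}"      # seconds, for the "recent" variant
HITS="${HITS:-2}"          # SYNs within WINDOW from one IP before it is dropped

# Variant 1: token bucket per source address (hashlimit).
# Every source IP gets its own bucket, refilled at RATE with capacity BURST.
# A SYN that finds its bucket empty falls through to the LOG and DROP rules.
ratelimit_setup() {
    $IPT -N RATELIMIT 2>/dev/null || $IPT -F RATELIMIT
    $IPT -A RATELIMIT -m hashlimit --hashlimit-name syn_per_ip \
        --hashlimit-mode srcip --hashlimit-upto "$RATE" \
        --hashlimit-burst "$BURST" -j RETURN
    # Log offenders (itself rate-limited so the log cannot be flooded), then drop.
    $IPT -A RATELIMIT -m limit --limit 5/min -j LOG --log-prefix "RATELIMIT: "
    $IPT -A RATELIMIT -j DROP
    # Send only new connections (SYN) for the protected port through the chain.
    # Remove a stale jump first so re-running the script does not duplicate it.
    $IPT -D INPUT -p tcp --syn --dport "$PORT" -j RATELIMIT 2>/dev/null || true
    $IPT -A INPUT -p tcp --syn --dport "$PORT" -j RATELIMIT
}

# Variant 2: "more than N requests in S seconds from one IP" (recent).
# --set records the source of every SYN; --update then matches when that source
# has HITS or more entries within the last WINDOW seconds. Because --update also
# refreshes the timestamp, an IP that keeps retrying stays blocked until it has
# been quiet for WINDOW seconds. With HITS=2 and WINDOW=1 this is literally
# "a second request within one second gets dropped".
ratelimit_recent_setup() {
    $IPT -A INPUT -p tcp --syn --dport "$PORT" -m recent --name syn_recent --set
    $IPT -A INPUT -p tcp --syn --dport "$PORT" -m recent --name syn_recent \
        --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
}

ratelimit_remove() {
    $IPT -D INPUT -p tcp --syn --dport "$PORT" -j RATELIMIT 2>/dev/null || true
    $IPT -F RATELIMIT 2>/dev/null || true
    $IPT -X RATELIMIT 2>/dev/null || true
}

ratelimit_status() {
    # Per-rule packet/byte counters show how much traffic is hitting the limit.
    $IPT -L RATELIMIT -v -n || true
    # Per-source state: hashlimit buckets and the recent list live in procfs.
    cat /proc/net/ipt_hashlimit/syn_per_ip 2>/dev/null || true
    cat /proc/net/xt_recent/syn_recent 2>/dev/null || true
}

case "${1:-}" in
    apply)  ratelimit_setup ;;
    recent) ratelimit_recent_setup ;;
    remove) ratelimit_remove ;;
    status) ratelimit_status ;;
esac
```

Run it as root; with IPT=echo it prints the rules without touching the firewall, which is a convenient way to review them first. The DROP rules only see SYN packets, so established connections are never re-counted, and the LOG rule gives a kernel-log trail of which sources tripped the limit. Tune RATE/BURST or HITS/WINDOW against real traffic before enabling them: values this strict will also block legitimate clients behind a shared NAT address, and the recent match's default list holds at most 20 entries per address, so HITS must stay at or below that.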