I installed ddos deflate, and it worked fine for half an hour until suddenly port 80 stopped working. This led to disaster where I accidentally screwed up the network on the server, but after 2.5 hours of downtime I managed to restore things properly. Now I have turned off iptables and plan to install csf (config system firewall, as a Webmin plugin). I read somewhere here that csf can also be configured to block IPs with a defined number of max connections, so technically it is doing the same job as dos deflate? Also, someone said that it can't help if it's a hard DDoS attack, and that the csf file will be overloaded with too many IP addresses. But I don't really expect to block hard DDoS attacks; I think it will do the job against low and medium DDoS attacks if the server has a strong network port/hardware and software optimization. And primarily, what is most important, to block bots.
OK, next question: how do I define which mail address alerts are sent to? Right now it sends to the root mail address.
And how do I whitelist IPs? I mean, I have another server which connects to this server (it serves as an image hotlink), so that generates a lot of connections.
I think you need to add your IP address to the csf.allow and csfmignore files.
I am not in front of a computer at the moment, so that is off the top of my head.
If you have the Webmin module for csf, do it in there.
Yes, I noticed those two files in the csf directory. The first one says that it is the whitelist for csf and the other for lfd, so to make it work completely both files need to be edited.
I noticed csf supports dyndns. Right now I am using host.allow in etc to allow only my IP to access ssh, but I need to edit it every 24 hours since my IP is dynamic. Would it be possible to set up csf to automatically update host.allow with my IP, or to recognize a dyndns subdomain as my IP address?
Not sure about that one, sorry. Maybe someone else will have the answer.
Well, I think I can resolve this another way.
I started csf with test settings, and after starting it a second time, I was not able to access Webmin anymore. Any idea why? I mean, that is strange since it's only testing mode, which shouldn't block access to anything. Luckily I was able to shut down the firewall over ssh.
And during the test time I got warning messages about some system components like haldaemon, rpc, powerdns, mysql and two of my scripts. The first thing I noticed: when my script was running under root there was no such warning, and when I switched it to a user it showed. So those messages report excessive usage and suspicious usage. Since all those processes are legal, how do I add them to the whitelist to prevent the firewall from killing those processes?