Posts Tagged ‘ iptables ’
This morning we had a DDOS attack on our mail server. Some @$$ trying to swamp our postfix service with hundreds of connections. SO, I did something I did not want to do, but, oh well.
This following bit below will explain a few things and will allow you to limit the amount of active connections to any port on your server with iptables.
The following iptable entries will prevent and block repeat failed connections, but not permanently. This allows two new connections every 60 seconds. This is an effective way of blocking automated attacks you will see mostly from Chinese ISP’s.
iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW -j DROP --update --seconds 60 --hitcount 2 --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
From terminal, execute the following;
sudo modprobe ip_nat_ftp ports=21
sudo modprobe ip_conntrack_ftp
sudo iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --sport 20 --state RELATED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 1024:65535 --sport 1024:65535 --state RELATED -j ACCEPT
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Nov | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
