
iptables.up.rules

a guest
Nov 23rd, 2014
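*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# User-defined chains used to classify forwarded traffic
:nominal-syn - [0:0]
:syn-flood - [0:0]
:non-syn - [0:0]
# Per-source-IP SYN rate check: a source sending more than 50 SYNs/sec (burst 100)
# is sent to syn-flood; hash table entries expire after 300000 ms
-A FORWARD -p tcp --syn -m hashlimit --hashlimit-above 50/sec --hashlimit-burst 100 --hashlimit-htable-expire 300000 --hashlimit-mode srcip --hashlimit-name synstop -j syn-flood
# SYNs under the limit go to nominal-syn; all other forwarded packets go to non-syn
-A FORWARD -p tcp --syn -j nominal-syn
-A FORWARD -j non-syn
# syn-flood: record the source in the "blacklist" recent list, log at a limited rate, then drop.
# No rule in this file reads the list back (no --rcheck/--update), so it is only recorded.
-A syn-flood -m recent --name blacklist --set
-A syn-flood -m limit --limit 3/minute --limit-burst 20 -j LOG --log-level 4 --log-prefix "SYN Flood: "
-A syn-flood -j DROP
-A nominal-syn -j ACCEPT
-A non-syn -j ACCEPT
# INPUT: accept NEW TCP/UDP packets at up to 30/minute (burst 5).
# The INPUT policy is ACCEPT and no DROP rule follows, so packets over the limit
# fall through to the policy and are still accepted.
-I INPUT -p tcp -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT
-I INPUT -p udp -m state --state NEW -m limit --limit 30/minute --limit-burst 5 -j ACCEPT

COMMIT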