- # Anti-flood INPUT rules (iptables-save style fragment). Only the -A lines are
- # shown; the chain declarations (:SYNFLOOD, :HTTPDGUARD, :HTTPDENY or iptables -N)
- # and the table header are not on this page -- presumably they live elsewhere.
- # Rule order matters: INPUT rules are evaluated top to bottom.
- # Limit number of concurrent connections
- # connlimit with no --connlimit-mask defaults to /32, i.e. per source address;
- # only --syn (new) packets are counted against the 50-connection ceiling.
- -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 50 -j DROP
- # Limit rate of new connections
- # Per-source-IP token bucket: SYNs beyond a burst of 7 and a sustained 3/sec are
- # dropped. Matches only --syn, so established flows are never affected here.
- -A INPUT -i eth0 -p tcp --syn -m hashlimit --hashlimit-name tcp --hashlimit-mode srcip --hashlimit-above 3/sec --hashlimit-burst 7 --hashlimit-srcmask 32 -j DROP
- # Fast path for already-tracked traffic; placed after the two limits above,
- # which is safe because those only look at SYN packets.
- -A INPUT -p tcp -m tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Every pure SYN (FIN/SYN/RST/ACK mask, only SYN set) is checked by SYNFLOOD.
- # If SYNFLOOD does not DROP, the chain returns and evaluation continues below.
- -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
- # New HTTP/HTTPS connections are vetted by HTTPDGUARD before the final ACCEPTs.
- -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j HTTPDGUARD
- -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j HTTPDGUARD
- # More than 25 concurrent connections from one /32 -> HTTPDENY. Note connlimit
- # counts all tracked connections from that address, not just NEW ones.
- -A HTTPDGUARD -m connlimit --connlimit-above 25 --connlimit-mask 32 -j HTTPDENY
- # NOTE(review): this LOG has no rate limit, so a flood also floods the log.
- # Consider prefixing it with "-m limit --limit 5/min --limit-burst 10".
- -A HTTPDENY -j LOG --log-prefix "HTTP Flood: "
- # Offending connection gets an RST instead of a silent drop.
- -A HTTPDENY -p tcp -m tcp -j REJECT --reject-with tcp-reset
- # Record every new SYN source in the SYNRATE list, then drop sources that hit
- # 200 SYNs within 5 seconds. 150.156.24.0/24 is exempt from the DROP (but is
- # still recorded by the --set rule) -- confirm this exemption is intended.
- # NOTE(review): xt_recent remembers ip_pkt_list_tot packets per address (default
- # 20); --hitcount 200 is rejected at load time unless the module is loaded with
- # ip_pkt_list_tot=200 (e.g. via a modprobe.d options line).
- -A SYNFLOOD -m state --state NEW -m recent --set --name SYNRATE --rsource
- # NOTE(review): the next two lines appear to be one rule wrapped onto two
- # lines; iptables-restore needs each rule on a single line, so they should be
- # rejoined before loading.
- -A SYNFLOOD ! -s 150.156.24.0/24 -m state --state NEW -m recent --update
- --seconds 5 --hitcount 200 --name SYNRATE --rsource -j DROP
- # Reached only by NEW web connections that HTTPDGUARD let fall through.
- -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
- -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT