# Generated by iptables-save v1.3.5 on Wed Oct 26 06:10:35 2011
*nat
:PREROUTING ACCEPT [48601:2911933]
:POSTROUTING ACCEPT [39676:2321270]
COMMIT
# Completed on Wed Oct 26 06:10:35 2011
# Generated by iptables-save v1.3.5 on Wed Oct 26 06:10:35 2011
*mangle
:PREROUTING ACCEPT [1286944:849065359]
:INPUT ACCEPT [56511:8508858]
:FORWARD ACCEPT [1230335:840536599]
:POSTROUTING ACCEPT [1269932:846336862]
COMMIT
# Completed on Wed Oct 26 06:10:35 2011
# Generated by iptables-save v1.3.5 on Wed Oct 26 06:10:35 2011
*filter
:INPUT ACCEPT [56511:8508858]
:FORWARD ACCEPT [1220847:838977511]
:ANTIFLOOD - [0:0]
:DROP_LIMIT - [0:0]
:NEWCONN_LIMIT - [0:0]
:PACKET_LIMIT_NONTCP - [0:0]
-A FORWARD -m state --state INVALID -j DROP_LIMIT
-A FORWARD -o eth0 -j ANTIFLOOD
-A ANTIFLOOD -j PACKET_LIMIT_NONTCP
-A ANTIFLOOD -j RETURN
-A DROP_LIMIT -j LOG
-A DROP_LIMIT -j DROP
-A PACKET_LIMIT_NONTCP -p ! tcp -m state --state NEW -m hashlimit --hashlimit 1000/sec --hashlimit-burst 1100 --hashlimit-mode srcip,dstip --hashlimit-name newconn_udp --hashlimit-htable-expire 3500 -j DROP_LIMIT
-A PACKET_LIMIT_NONTCP -j RETURN
COMMIT