TNFModding

Fast DDOS Mitigation

Jun 5th, 2022 (edited)
# Ubuntu Server Protection
# Only works on Ubuntu. Run as root.

apt install busybox -y
apt install conntrack iptables-persistent netfilter-persistent nftables -y

systemctl enable netfilter-persistent
systemctl start netfilter-persistent

# No Turbo (only use this if you are using an Intel CPU)
echo 1 | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo

# cpu shit (prints the kernel's status for each known CPU vulnerability)
tail -n +1 /sys/devices/system/cpu/vulnerabilities/*

# Add stuff from my sysctl.conf (https://pastebin.com/sM3gXAMX), then:
# current number of tracked connections
conntrack -C
# reload /etc/sysctl.conf
sysctl -p
# show every rp_filter (reverse-path filter) setting
sysctl -ar '\.rp_filter'

# NFT shit (creates the tables and chains only; replace eth0 with your interface)
nft add table netdev filter
nft -- add chain netdev filter input { type filter hook ingress device eth0 priority -500 \; policy accept \; }

nft add table ip filter
nft add chain ip filter in-chain { type filter hook input priority 0 \; }

nft add table nat
nft -- add chain nat prerouting { type nat hook prerouting priority -100 \; }
nft add chain nat postrouting { type nat hook postrouting priority 100 \; }

# Don't forget this
tc qdisc add dev eth0 ingress

echo 32768 > /proc/sys/net/core/rps_sock_flow_entries

echo 32768 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
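
Added example, not part of the original paste: a small audit script that interprets the output of the three check commands above (sysctl -ar '\.rp_filter', conntrack -C, and the CPU vulnerabilities listing). The function names, the audit.sh file name, the 80% threshold and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the 80% threshold are assumptions.

# Reads `sysctl -ar '\.rp_filter'` output on stdin, prints "<iface> <mode>".
# The kernel validates with max(conf.all, conf.<iface>), so a per-interface 0
# is overridden when conf.all is 1, and a per-interface 1 survives all = 0.
rp_filter_report() {
  awk -F' *= *' '
    { n = split($1, k, "."); val[k[n-1]] = $2 + 0 }
    END {
      all = val["all"] + 0
      for (i in val) {
        if (i == "all" || i == "default") continue
        eff = (val[i] > all) ? val[i] : all
        if (eff == 0) mode = "off"
        else if (eff == 1) mode = "strict"
        else mode = "loose"
        print i, mode
      }
    }' | sort
}

# Constructed sample of the sysctl output (not taken from a real host).
sample_rp_filter() {
  printf 'net.ipv4.conf.%s.rp_filter = %s\n' all 0 default 1 eth0 0 lo 1 tun0 2
}

# Conntrack table usage in percent: count comes from `conntrack -C`,
# max from `sysctl -n net.netfilter.nf_conntrack_max`.
conntrack_pct() {
  [ "$2" -gt 0 ] || { echo "nf_conntrack_max must be > 0" >&2; return 1; }
  echo $(( $1 * 100 / $2 ))
}

# Lists entries that report "Vulnerable" (no mitigation active) in the
# directory the paste tails; another directory can be passed for testing.
cpu_vuln_open() {
  dir=${1:-/sys/devices/system/cpu/vulnerabilities}
  { grep -l '^Vulnerable' "$dir"/* 2>/dev/null || true; } | sed 's|.*/||' | sort
}

if [ "${1:-}" = "--live" ]; then   # on the server: sh audit.sh --live
  sysctl -ar '\.rp_filter' | rp_filter_report | grep -v ' strict$' || true
  pct=$(conntrack_pct "$(conntrack -C)" "$(sysctl -n net.netfilter.nf_conntrack_max)")
  [ "$pct" -lt 80 ] || echo "conntrack table ${pct}% full"
  cpu_vuln_open
else
  sample_rp_filter | rp_filter_report   # offline demo on the constructed sample
fi
```

In --live mode the script prints only what needs attention: interfaces without strict reverse-path filtering, a conntrack table at or above 80% of its maximum, and CPU vulnerabilities with no mitigation.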