Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Ubuntu Server Protection:
- Only works on UBUNTU
- apt install busybox -y
- apt install conntrack iptables-persistent netfilter-persistent nftables -y
- systemctl enable netfilter-persistent
- systemctl start netfilter-persistent
- // No Turbo (Only use this if you are using a intel cpu)
- echo 1 | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo
- // cpu shit
- tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
- Add stuff from my sysctl.conf (https://pastebin.com/sM3gXAMX)
- conntrack -C
- sysctl -p
- sysctl -ar '\.rp_filter'
- // NFT Shit
- nft add table netdev filter
- nft -- add chain netdev filter input { type filter hook ingress device eth0 priority -500 \; policy accept \; }
- nft add table ip filter
- nft add chain ip filter in-chain { type filter hook input priority 0 \; }
- nft add table nat
- nft -- add chain nat prerouting { type nat hook prerouting priority -100 \; }
- nft add chain nat postrouting { type nat hook postrouting priority 100 \; }
- // Donβt forget this
- tc qdisc add dev eth0 ingress
- echo 32768 > /proc/sys/net/core/rps_sock_flow_entries
- echo 32768 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement