• iptable防范ddos攻击

    Basic DoS Protection https://github.com/MPOS/php-mpos/wiki/Basic-DoS-Protection

    # Rule 1: Limit New Connections To Something Sane.
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT

# Rule 2: Limit Existing Connections To Something Sane.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT

# Rule 3: Wow Lets Just Drop Anything We Don't Like The Look Of
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP

# Rule 4: Come In Or Go away, Don't Knock On My Door.
iptables -N PORT_SCANNING
iptables -A PORT_SCANNING -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A PORT_SCANNING -j DROP

# Rule 5: For You LAND Lovers Argghh!(Local Area Network Denial)
iptables -A INPUT -s YOURSERVERIP/32 -j DROP

# Rule 6: Ho-Ho-Ho, Wait.. Its Not Christmas.. (XMAS Packets)
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP

# Rule 7: OMG The Servers Seeing Blue (Smurf Attacks)
iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 -j ACCEPT
or
iptables -A INPUT -p icmp -j DROP

# Rule 8: The More Advanced SYN Filter (Mod of top rule)
iptables -A INPUT -p tcp -m state --state NEW -m limit --limit 2/second --limit-burst 2 -j ACCEPT
or
iptables -D INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT

# Rule 9: NO UDP EXCEPT DNS - UDP CAN GO CLIMB A TREE
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -j DROP
iptables -A OUTPUT -p udp -j DROP

    TL;DR I Just Want To Copy And Paste.

    iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
iptables -A PORT_SCANNING -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A PORT-SCANNING -j DROP
  • 相关阅读:
    富文本的使用
    sql
    # 多线程:为啥无法避免并发修改异常?(假设有两个线程,线程A,线程B),怎么避免并发修改异常?
    File&&字节流
    IO-字符流
    第二周疑问点
    异常
    常用API-Object+String
    学习JavaSE过程中的疑问点(第一周)
    JavaOOP
  • 原文地址:https://www.cnblogs.com/liujitao79/p/4059417.html
Copyright © 2020-2023  润新知