
about iptables

7 replies

about iptables

sheeL
User

Hello,

Can this iptables code protect my server from DoS/DDoS attacks?

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP
iptables -A INPUT -p udp -m length --length 0:28 -j DROP
iptables -A INPUT -p udp -m length --length 278:428 -j DROP

Thanks

Re: about iptables

x223112
User

Maybe it will save you from DoS/DDoS attacks.. But it won't protect you from Rocket! MUHAHAHAHHA!

Re: about iptables

sheeL
User

x223112 has written:
Maybe it will save you from DoS/DDoS attacks.. But it won't protect you from Rocket! MUHAHAHAHHA!


Rocket? what lol

Re: about iptables

RDN
BANNED

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP
This does not protect because there is no UDP here.

iptables -A INPUT -p udp -m length --length 0:28 -j DROP
This does not protect either, because small packets do not break the server.

iptables -A INPUT -p udp -m length --length 278:428 -j DROP
It can protect by 10%.

Re: about iptables

sheeL
User

RDN has written:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP
This does not protect because there is no UDP here.

iptables -A INPUT -p udp -m length --length 0:28 -j DROP
This does not protect either, because small packets do not break the server.

iptables -A INPUT -p udp -m length --length 278:428 -j DROP
It can protect by 10%.


Seriously? You are trying to bring down my server @Rodion -.-

Re: about iptables

EngiN33R
Moderator

@sheeL: Actually his advice is sound, I don't really see the reason to be as paranoid as you are. If you don't believe him, check the syntax yourself for any malicious flags that you seem to think are there.

Re: about iptables

DC
Admin

The second rule makes sense. It's not about small packets but about completely empty packets without any payload (28 is the size of the UDP+IP headers). I highly recommend using this rule.
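
Added example (not part of the original thread and not any poster's code): a Python sketch that builds constructed IPv4/UDP packets and checks them against the two `--length` ranges from the rules above, assuming the match compares the IPv4 total-length field. It goes one case beyond the thread: an empty datagram whose IP header carries options is longer than 28 bytes, so the 0:28 range does not cover it. Addresses, ports and rule names are constructed for illustration.

```python
import struct

# Inclusive ranges copied from the two "-m length --length min:max" rules in the thread.
# The rule names are hypothetical labels used only in this example.
RULES = {"empty-udp": (0, 28), "mid-size-udp": (278, 428)}

def ipv4_udp(payload=b"", ip_options=b""):
    """Build a constructed IPv4+UDP packet (checksums left at 0; not needed here)."""
    if len(ip_options) % 4 or len(ip_options) > 40:
        raise ValueError("IP options must be a multiple of 4 bytes, at most 40")
    ihl = 5 + len(ip_options) // 4                     # header length in 32-bit words
    udp = struct.pack("!HHHH", 40000, 50000, 8 + len(payload), 0) + payload
    total = ihl * 4 + len(udp)                         # IPv4 total length
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + ip_options + udp

def l3_length(packet):
    """Read the IPv4 total-length field (assumed here to be what the rule compares)."""
    return struct.unpack("!H", packet[2:4])[0]

def udp_payload_len(packet):
    """Payload bytes = UDP length field minus the 8-byte UDP header."""
    ihl_bytes = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl_bytes + 4:ihl_bytes + 6])[0] - 8

def matching_rules(packet):
    """Names of the length ranges that would match this packet."""
    n = l3_length(packet)
    return [name for name, (lo, hi) in RULES.items() if lo <= n <= hi]

if __name__ == "__main__":
    samples = {
        "empty datagram": ipv4_udp(),
        "1-byte payload": ipv4_udp(b"x"),
        "250-byte payload": ipv4_udp(b"x" * 250),
        "400-byte payload": ipv4_udp(b"x" * 400),
        "401-byte payload": ipv4_udp(b"x" * 401),
        "empty + 4 bytes of IP options": ipv4_udp(ip_options=b"\x01" * 4),
    }
    for label, pkt in samples.items():
        print(f"{label:32} len={l3_length(pkt):4} "
              f"payload={udp_payload_len(pkt):4} dropped_by={matching_rules(pkt)}")
```

The third rule's 278:428 range therefore corresponds to UDP payloads of 250 to 400 bytes on a header without options.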