Revision history for IPTablesRulesToBlockDDOSTraffic
Additions:
[[IPTablesRulesToBlockDDOSTrafficES Español]]
Additions:
Shorewall users may enter the following lines in their 'rules' file to perform the same rate limiting:
DNS(ACCEPT) net $FW ;rate=s:DNSTHROTTLE:30/min:10
DNS(DROP) net $FW
These two lines should be placed //before// any other DNS accept rules. The first line accepts DNS from the net zone only while the source address stays within the rate limit; the second line drops the packets that fall outside it. As above, this allows up to 30 packets per minute from each source IP address (the `s:` prefix makes the limit per source, tracked in a hashlimit table named DNSTHROTTLE), with a burst of 10 packets.
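To see what "30 per minute with a burst of 10" does to real traffic, here is a token-bucket model of the per-source limit applied by that rule pair. This is an added example, not code from this page or from Shorewall; it assumes a simplified bucket (initial credit equal to the burst, refilled at the sustained rate) rather than the exact internal credit accounting of the iptables hashlimit match, and it replays a constructed trace of one flooding source and one well-behaved source.

```python
"""Per-source token-bucket model of a rule like rate=s:DNSTHROTTLE:30/min:10.

Added example (not from the page or Shorewall). Assumption: hashlimit-style
limiting behaves as a token bucket whose capacity is the burst and whose
refill rate is the sustained rate; each packet spends one token.
"""
from collections import defaultdict

RATE_PER_MIN = 30   # sustained packets per minute per source (30/min)
BURST = 10          # bucket capacity / initial credit per source (:10)


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate_per_min=RATE_PER_MIN, burst=BURST):
        self.refill_per_sec = rate_per_min / 60.0
        self.burst = float(burst)
        self.tokens = {}     # src -> remaining tokens
        self.last_seen = {}  # src -> time of last packet

    def allow(self, src, now):
        """Return True if the packet matches the ACCEPT rule, else False (DROP)."""
        tokens = self.tokens.get(src, self.burst)
        last = self.last_seen.get(src, now)
        # Refill for the time elapsed, never above the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.refill_per_sec)
        self.last_seen[src] = now
        if tokens >= 1.0:
            self.tokens[src] = tokens - 1.0
            return True
        self.tokens[src] = tokens
        return False


def replay(trace, rate_per_min=RATE_PER_MIN, burst=BURST):
    """Run a (time, src) trace through the limiter; return per-source counts."""
    limiter = PerSourceLimiter(rate_per_min, burst)
    accepted = defaultdict(int)
    dropped = defaultdict(int)
    for t, src in trace:
        if limiter.allow(src, t):
            accepted[src] += 1
        else:
            dropped[src] += 1
    return dict(accepted), dict(dropped)


def make_trace():
    """Constructed sample trace (documentation addresses, not real hosts):
    - 203.0.113.7 fires 40 DNS queries inside one second (a flood)
    - 198.51.100.9 sends 20 queries, one every 3 seconds (normal client)
    """
    flood = [(i * 0.025, "203.0.113.7") for i in range(40)]
    normal = [(i * 3.0, "198.51.100.9") for i in range(20)]
    return sorted(flood + normal)


if __name__ == "__main__":
    acc, drp = replay(make_trace())
    for src in sorted(set(acc) | set(drp)):
        print(f"{src}: accepted={acc.get(src, 0)} dropped={drp.get(src, 0)}")
```

The flooding source spends its 10-token burst almost immediately and then sees every further packet fall through to the DROP rule, since the bucket only earns one token every two seconds; the normal client never drops below a full bucket. Buckets are keyed per source, so one client's flood does not consume another client's allowance, which is what the `s:` in the Shorewall rule buys you.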
Deletions:
shorewall rules. Please report back with successes and/or failures.
I'm sure the parameters I've chosen can use much more tweaking.