iptables ddos rules

 Original link: http://www.splaybow.com/post/iptables-rule-add-delete-modify-save.html One, view rule set Iptables–list-n//Plus one-n displays IP and port in digital form, it looks more comfortable. Configure default rules Iptables-p INPUT DROP//Not allowedIptables-p FORWARD DROP//Do not allow forwardingIptables-p O

Only common parameters are listed here. For details, see man iptables. 1. ViewIptables-nvl-line-Number -L view all the rules of the current table. The filter table is viewed by default. To view the NAT table, add the-T Nat parameter.-N does not perform reverse lookup on the IP address. Adding this parameter will display a lot faster.-V outputs detailed information, including the number of data packets pas

Prerequisites: iptable has three queue (table) Rules: mangle queue, filter queue, and nat queue.1. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header.2. The second table is the filter queue which is responsible for packet filtering.* Forward chain: Filters packets to servers protected by the firewall.* Input chain: Filters packets destined for the firewall.* Output chain: Filters packets

PORT [-PORT]: Source PORT -- Dport PORT [-PORT]: Target PORT -- Tcp-flags mask comp only checks the flag spaces specified by the mask. It is a comma-separated flag list comp: The Mark bit in this list must be 1, not in comp, but in mask, it must be 0; -- tcp-flags SYN, FIN, ACK, rst syn, ACK Explicit Extension: You must specify the module for the extension. You can use the-m option in iptables to complete the extension. Function -M EXTESTION -- spe-o

Method/Step First we connect to the Linux server Use Iptables-l-N to view current firewall rules You can use iptables-l-n--line-number to view the serial number of each rule chain, so that you can delete the specified rule. For example, when we input a rule here, we use the command For example, delete the second rule of input with the following command.

View and clear iptables rules in Ubuntu, and view and clear ubuntuiptables The system does not support service iptables restart and service iptables status. How can I view and clear iptable rules? 1. view basic syntax in iptablesIptables [-t tables] [-L] [-nv] Options and

The current Iptables NAT table rules:[Email protected] ~]# iptables-t NAT-S-P prerouting ACCEPT-P postrouting ACCEPT-P OUTPUT ACCEPT-N DOCKER-A prerouting-m addrtype--dst-type LOCAL-J DOCKER-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquerade-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquerade-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquera

The security of the server has always been the primary consideration of the site. There are a variety of solutions for security. Linux Server firewall, the most commonly used to the number of iptables firewall. Iptables is commonly used in Linux firewall software, the rules are also very flexible, should be the most extensive. Corresponding to the construction o

Iptables-fIptables-xIptables-zIptables-p INPUT DROPIptables-p OUTPUT ACCEPTIptables-p FORWARD ACCEPTIptables-a input-p TCP--dport 56388-j ACCEPTIptables-a input-p TCP--dport 53-j ACCEPTIptables-a input-p UDP--dport 53-j ACCEPTIptables-a input-p TCP--sport 53-j ACCEPTIptables-a input-p UDP--sport 53-j ACCEPTIptables-a input-p icmp-j ACCEPTIptables-a output-p TCP--dport 31337-j DROPAllow YumIptables-a input-m State--state established,related-j ACCEPTIpt

Through Iptables fire Strong Take CentOS as an example, add the following three rules to the iptables: -A rh-firewall-1-input-s 192.168.0.100-p icmp-m ICMP--icmp-type 0-j ACCEPT-A rh-firewall-1-input-s 192.168.0.100-p icmp-m ICMP--icmp-type 8-j ACCEPT-A rh-firewall-1-input-p icmp-m ICMP--icmp-type 8-j DROP-A rh-firewall-1-input-p icmp-m ICMP--icmp-type 0-j DROP

The delete operation Sh code of the iptables rule www.2cto. comiptables-LINPUT -- line-numbers lists all the rules of the INPUT chain numtargetprotoptsourcedestination1REJECTtcp -... Delete iptables rule Sh code www.2cto.com iptables-l input -- line-numbers list all rules o

Clear iptablesThe specific rules are as follows: Clear iptables rules. The default value is ACCEPT. I usually do this before writing rules, haha. #!/bin/sh #accept-allpolicy IPT='/usr/local/sbin/iptables' $IPT-tnat-F $IPT-tnat-X $IPT-tnat-P

Icmp:0 80: Responding to requests8: Answer RequestThis host ping request answers:[Email protected] ~]# iptables-a output-s 192.168.1.128-p ICMP--icmp-type 8-j ACCEPTHowever, the native does not respond to the rule, so ping does not give echo.You need to add a native echo rule at this point:[[email protected] ~]# iptables-a input-d 192.168.1.128-p ICMP--icmp-type 0-j accept[[email protected] ~]# ping 192.168

Is it necessary to redesign the HOOK Point Location of Netfilter? Undoubtedly, this is meaningless because you cannot prove that the new solution is better. You may just look at the solution of another platform, which is different from the Netfilter solution. In fact, I am such a person.The Cisco ACL can be compiled on the port. In fact, the network port role of the Cisco device can be defined. The concept of Linux is completely different from this, linux Kernel considers role-defining as the re

: INPUT ACCEPT [0:0] : FORWARD ACCEPT [0:0] : OUTPUT ACCEPT [0:0]-A input-i lo-j accept-a input-m State--state established,related-j ACCEPT -A input-j REJECT--reject-with icmp-host-prohibited -A forward-j REJECT--reject-with icmp-host-prohibited What is the purpose and whether the deletion has an effect. : INPUT ACCEPT [0:0]# This rule indicates that the input table default policy is accept: FORWARD ACCEPT [0:0]# This rule indicates that the forward table default policy is accept: OUTPUT ACCE

Here are my iptables settings. Copy Code code as follows: *filter : INPUT DROP [0:0] : FORWARD ACCEPT [0:0] : OUTPUT ACCEPT [49,061:9,992,130] -A input-i lo-j ACCEPT does not open a lot of services can not be used, open loopback address -A input-p icmp-j ACCEPT allows ICMP packets to pass, which means allowing others to ping themselves -A input-m state--state related,established-j ACCEPT -A input-p tcp-m tcp--dport 21-j AC

System: CentOS 5.xScript content: The code is as follows Copy Code #!/bin/bashif [!-F. Count];thenIptables-l-n|md5sum|awk ' {print $} ' > ~/.countExit 1ElseIptables-l-n|md5sum|awk ' {print $} ' >~/1.txtDifffile= ' diff ~/.count ~/1.txt|wc-l 'if [[$difffile = 0]];thenecho "File is ok!"Sleep 1Rm-f ~/1.txtElseecho "File is no ok!"Cat ~/1.txt >~/.countSleep 1Rm-f ~/1.txtFiFi and throw it in the crontab. Check every 3 minutes. The code is as follows