Linux protects against DDoS attacks by iptables TCP connections and frequency _linux

Source: Internet
Author: User
Tags iptables

CC attack a bit siege feeling, the correct setting of protection rules can be done in a very unstable, here gives a iptables IP connection frequency and concurrency restrictions, limit the single IP connection and frequency of the set rules introduced

#单个IP在60秒内只允许新建20个连接, this assumes that the Web port is 80,

Copy Code code as follows:

Iptables-i input-i eth1-p tcp-m tcp–dport 80-m state–state new-m recent–update–seconds 60–hitcount 20–name DE Fault–rsource-j DROP
Iptables-i input-i eth1-p tcp-m tcp–dport 80-m state–state new-m recent–set–name Default–rsource

#控制单个IP的最大并发连接数为20
Copy Code code as follows:

Iptables-i input-p tcp–dport 80-m connlimit–connlimit-above 20-j

#每个IP最多20个初始连接
Copy Code code as follows:

Iptables-i input-p tcp–syn-m connlimit–connlimit-above 20-j DROP

Parameter explanation:

-P Protocol
-M Module_name:
-m TCP means using the capabilities of the TCP extension module (the TCP extension module provides features such as –dport,–tcp-flags,–sync)
Recent module:
–name #设定列表名称, default defaults.
–rsource #源地址, this is the default.
–rdest #目的地址
–seconds #指定时间内
–hitcount #命中次数
–set #将地址添加进列表, and updates the information, including the timestamp of the added address.
–rcheck #检查地址是否在列表 to calculate the time as the first match begins.
–update #和rcheck类似 to calculate the time with the last match.
–remove #在列表里删除相应地址, followed by list name and address
Connlimit function:
The Connlimit module allows you to limit the number of concurrent connections per client IP, that is, each IP is connected to one server at a time.
The Connlimit module can restrict the network use of intranet users, and the server can limit the number of connections each IP initiates.
–connlimit-above N # is limited to how many
–connlimit-mask N # The Mask of this set of hosts, the default is Connlimit-mask 32, that is, each IP.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.