Simple configuration of a VPS to prevent DDoS attacks

Source: Internet
Author: User
Tags: vps

Some protection is necessary: there are always bored or malicious people on the Internet. This is a short note on configuring filters on a VPS to mitigate small-traffic DDoS attacks.

For high-traffic DDoS attacks, the data center's hardware firewall is required; a VPS on its own may not be able to cope.

1. Install DDoS deflate

DDoS Deflate works by using the netstat command to find individual IP addresses that hold an excessive number of connections, and then using the iptables firewall to drop those addresses. Because rejecting a connection in iptables is far cheaper than letting Apache handle it, iptables acts as a "filter" in front of Apache. DDoS Deflate can also be configured to block IP addresses through Advanced Policy Firewall (APF) instead.

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod +x install.sh
./install.sh
Main functions and configurations

1. An IP whitelist can be set in /usr/local/ddos/ignore.ip.list;

2. The main configuration file is /usr/local/ddos/ddos.conf. Open this file and edit it following the comments in it;

3. DDoS Deflate automatically unblocks a banned IP address after a pre-configured period;

4. The interval at which the network connection state is checked can be set in the configuration file;

5. An email notification can be sent when an IP address is blocked.

Simple Configuration:

FREQ=1                  # check interval, in minutes
NO_OF_CONNECTIONS=100   # a single IP with more than 100 connections is treated as a DDoS source
APF_BAN=1               # 1 = block the IP through APF (APF must be installed first); 0 = block with iptables directly
KILL=1                  # whether to actually block
EMAIL_TO="webmaster@firstVM.com"   # address that receives the notification
BAN_PERIOD=600          # blocking duration in seconds (10 minutes)
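To make the principle described above concrete, here is an added example (it is not DDoS Deflate's own ddos.sh): it counts connections per remote IP from `netstat -ntu` output, flags the IPs above a threshold, skips whitelisted ones in the spirit of ignore.ip.list, and prints the iptables rules that would be applied instead of executing them. The netstat output, the whitelist and the addresses are all constructed samples, and the demo uses a low threshold so that the output is visible.

```shell
#!/bin/sh
# Added example (not DDoS Deflate's own script): count connections per remote IP,
# compare against a threshold, honour a whitelist, and print (not run) the
# iptables rules that would block the offenders.

NO_OF_CONNECTIONS=100   # same meaning as in ddos.conf above
BAN_PERIOD=600          # seconds, as in ddos.conf above

# Whitelist in the style of ignore.ip.list (constructed sample addresses)
IGNORE_LIST="127.0.0.1
203.0.113.10"

# Constructed sample of `netstat -ntu` output; column 5 is the foreign address.
# 203.0.113.10 has 5 connections but is whitelisted; 192.0.2.77 has 4,
# 198.51.100.200 has 3, 192.0.2.9 has 1.
SAMPLE_NETSTAT="Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.5:80         203.0.113.10:51000      ESTABLISHED
tcp        0      0 198.51.100.5:80         203.0.113.10:51001      ESTABLISHED
tcp        0      0 198.51.100.5:80         203.0.113.10:51002      ESTABLISHED
tcp        0      0 198.51.100.5:80         203.0.113.10:51003      ESTABLISHED
tcp        0      0 198.51.100.5:80         203.0.113.10:51004      ESTABLISHED
tcp        0      0 198.51.100.5:80         192.0.2.77:40001        SYN_RECV
tcp        0      0 198.51.100.5:80         192.0.2.77:40002        SYN_RECV
tcp        0      0 198.51.100.5:80         192.0.2.77:40003        SYN_RECV
tcp        0      0 198.51.100.5:80         192.0.2.77:40004        SYN_RECV
tcp        0      0 198.51.100.5:80         198.51.100.200:3001     ESTABLISHED
tcp        0      0 198.51.100.5:80         198.51.100.200:3002     ESTABLISHED
tcp        0      0 198.51.100.5:80         198.51.100.200:3003     ESTABLISHED
tcp        0      0 198.51.100.5:22         192.0.2.9:55555         ESTABLISHED"

# Read netstat -ntu output on stdin, write "count ip" lines, highest first.
# The two header lines are skipped; the address is cut at the first colon.
count_per_ip() {
    awk 'NR > 2 { split($5, a, ":"); print a[1] }' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Print the IPs whose count exceeds threshold $1 and that are not listed in the
# newline-separated whitelist $2. Reads netstat output on stdin.
offenders() {
    threshold=$1
    ignore=$2
    count_per_ip | while read -r count ip; do
        [ "$count" -gt "$threshold" ] || continue
        # exact-match whitelist lookup, one address per line
        if printf '%s\n' "$ignore" | grep -qxF "$ip"; then
            continue
        fi
        printf '%s\n' "$ip"
    done
}

# For each IP on stdin, print the block rule and the delayed unblock that
# implements BAN_PERIOD (dry run: nothing is applied to the firewall).
ban_commands() {
    while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
        printf 'echo "iptables -D INPUT -s %s -j DROP" | at now + %s minutes\n' \
            "$ip" "$((BAN_PERIOD / 60))"
    done
}

# Demo on the constructed sample with a threshold of 2 instead of 100.
printf '%s\n' "$SAMPLE_NETSTAT" | offenders 2 "$IGNORE_LIST" | ban_commands
```

Two things the sample makes visible: the count includes every state, including half-open SYN_RECV and TIME_WAIT sockets, and cutting the address at the first colon mishandles IPv6 addresses. A busy NAT gateway or a monitoring host can therefore look like an attacker, which is exactly what the whitelist is for.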

2. Install and configure APF

Advanced Policy Firewall (APF) is a software firewall for Linux produced by R-fx Networks. It is used by many Linux server administrators and, because it is built on iptables rules, it is easy to understand and use.

It suits users who are not familiar with iptables: installation and configuration are relatively simple, yet it remains very powerful.

Script installation:

root@linux:/home/zhangy# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
root@linux:/home/zhangy# tar -xvzf apf-current.tar.gz
root@linux:/home/zhangy# cd apf-9.7-1
root@linux:/home/zhangy/apf-9.7-1# ./install.sh

On Ubuntu it can be installed from the package manager:

sudo aptitude install apf-firewall

Configuration:

vi /etc/apf/conf.apf

Page down and find:

# Configure inbound (ingress) accepted services. This is an optional
# feature; services and customized entries may be made directly to an ip's
# virtual net file located in the vnet/ directory. Format is comma separated
# and underscore separator for ranges.
#
# Example:
# IG_TCP_CPORTS="21,22,25,53,80,443,110,143,6000_7000"
# IG_UDP_CPORTS="20,21,53,123"
# IG_ICMP_TYPES="3,5,11,0,30,8"
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="22"

By default only port 22 is allowed. Leaving that as it is for now, I tried to access the website on port 80, and it was still reachable. Why did the rule not take effect?

I kept reading the configuration file.

This line caught my attention:

# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
IFACE_IN="eth0"

It occurred to me that the problem might be the network interface.

On a physical server or a Xen-virtualized VPS the NIC is eth*, for example:

ifconfig

My VPS, however, is virtualized with OpenVZ, where the NIC is normally venet*. For example:

So the configuration above is changed to:

# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
IFACE_IN="venet0"

Restart APF:

apf -r

The output reports that the ip_tables module cannot be found:

Filters (4677): {glob} unable to load iptables module (ip_tables), aborting.

So I searched for "ubuntu apf" and found this article:

http://davidwinter.me/articles/2011/06/05/install-apf-on-ubuntu-11-04/

On Ubuntu, iptables support is generally compiled into the kernel rather than built as loadable modules, whereas APF by default tries to load iptables as a module. You therefore need to change the APF configuration:

SET_MONOKERN="1"

Restart APF again.

A long stream of log output follows:

It appears to have succeeded.

Testing again: port 80 is now inaccessible, and only port 22 is still open.

Go back to the configuration file and open the ports:

vi /etc/apf/conf.apf

Find:

# Configure inbound (ingress) accepted services. This is an optional
# feature; services and customized entries may be made directly to an ip's
# virtual net file located in the vnet/ directory. Format is comma separated
# and underscore separator for ranges.
#
# Example:
# IG_TCP_CPORTS="21,22,25,53,80,443,110,143,6000_7000"
# IG_UDP_CPORTS="20,21,53,123"
# IG_ICMP_TYPES="3,5,11,0,30,8"
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="22,80,443"

Save and restart APF: apf -r

Access the site again.

Finally, disable APF's development mode and put the firewall into production:

Find:

# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.
DEVEL_MODE="1"

Change to 0:

# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this off (0) when firewall is determined to be operating as desired.
DEVEL_MODE="0"
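The three conf.apf settings touched in this section (IG_TCP_CPORTS, IFACE_IN and DEVEL_MODE) are easy to get wrong in ways that either lock you out or leave the firewall off. The following added example is not part of APF; it is a pre-flight check written for this page. It expands APF's port-list syntax (comma separated, underscore for ranges) into iptables --dport values, checks whether a given port is permitted, verifies that IFACE_IN names an interface the host actually has (the eth0 versus venet0 problem above), and warns while DEVEL_MODE is still "1". The conf.apf excerpts and the interface list are constructed samples; on a real host you would pass the contents of /etc/apf/conf.apf and the output of `ls /sys/class/net` instead.

```shell
#!/bin/sh
# Added example, not APF's own code: sanity checks for the conf.apf values
# discussed on this page, run here against constructed input.

# Expand "21,22,6000_7000" into one iptables --dport value per line
# ("21", "22", "6000:7000").
expand_cports() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r item; do
        [ -n "$item" ] || continue
        case $item in
            *_*) printf '%s:%s\n' "${item%%_*}" "${item#*_}" ;;
            *)   printf '%s\n' "$item" ;;
        esac
    done
}

# Exit 0 if port $2 is permitted by the APF port list $1.
port_allowed() {
    expand_cports "$1" | while IFS= read -r spec; do
        case $spec in
            *:*) lo=${spec%%:*}; hi=${spec#*:}
                 if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then echo yes; fi ;;
            *)   if [ "$spec" -eq "$2" ]; then echo yes; fi ;;
        esac
    done | grep -q yes
}

# Exit 0 if interface $1 appears in the newline-separated list $2
# (pass "$(ls /sys/class/net)" for the real host).
iface_present() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

# Read KEY="value" from conf.apf text on stdin; commented examples such as
# '# IG_TCP_CPORTS="21,..."' are ignored because they do not start with KEY=.
# The last definition wins, as it would when the shell sources the file.
conf_value() {
    grep "^$1=" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# Report problems in conf.apf text $1 for a host whose interfaces are $2.
# Returns the number of problems found (0 means the config looks sane).
check_conf() {
    iface=$(printf '%s\n' "$1" | conf_value IFACE_IN)
    ports=$(printf '%s\n' "$1" | conf_value IG_TCP_CPORTS)
    devel=$(printf '%s\n' "$1" | conf_value DEVEL_MODE)
    problems=0
    if ! iface_present "$iface" "$2"; then
        echo "IFACE_IN=\"$iface\" is not an interface on this host"
        problems=$((problems + 1))
    fi
    if ! port_allowed "$ports" 22; then
        echo "IG_TCP_CPORTS=\"$ports\" does not allow 22; SSH would be cut off"
        problems=$((problems + 1))
    fi
    if [ "$devel" = "1" ]; then
        echo "DEVEL_MODE=\"1\": a cron job stops the firewall every 5 minutes"
        problems=$((problems + 1))
    fi
    return $problems
}

# Constructed conf.apf excerpt matching the defaults shown on the page.
DEFAULT_CONF='IFACE_IN="eth0"
IG_TCP_CPORTS="22"
DEVEL_MODE="1"'

# Constructed excerpt after the changes made in the text.
FIXED_CONF='IFACE_IN="venet0"
IG_TCP_CPORTS="22,80,443"
DEVEL_MODE="0"'

# Interface list of an OpenVZ container (constructed; a Xen or physical host
# would list eth0 instead).
OPENVZ_IFACES="lo
venet0"

check_conf "$DEFAULT_CONF" "$OPENVZ_IFACES" || echo "$? problem(s) in the default config"
check_conf "$FIXED_CONF" "$OPENVZ_IFACES" && echo "fixed config looks sane"
```

Run against the default excerpt the check reports two problems (the interface name and DEVEL_MODE); the corrected excerpt passes. Checking that port 22 stays in IG_TCP_CPORTS before every `apf -r` is the cheapest insurance against locking yourself out of a remote VPS.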
