List of things to do to avoid a DDoS attack with iptables


1. Block spoofed traffic: Use the following iptables rules to block spoofed traffic, a common ingredient of DDoS attacks. They drop packets whose source address lies in the loopback or private ranges, which should never arrive from the public internet.

# "! -i lo" keeps this rule from dropping the host's own loopback traffic
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
# if the host also has a private LAN interface, restrict these two to the public interface with -i
iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 192.168.0.0/16 -j DROP

2. Limit the rate of incoming traffic: Use the following iptables rules to limit the rate of new incoming connections from any single IP address. This limits each source to 25 new connections per minute, with a burst of 100 connections allowed.

# hashlimit keyed on the source address gives each client its own budget; the plain "limit" match would share one budget across all clients
iptables -A INPUT -p tcp --dport 80 --syn -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-upto 25/minute --hashlimit-burst 100 -j ACCEPT
# without a matching DROP, connections over the budget would simply fall through to the rules that follow
iptables -A INPUT -p tcp --dport 80 --syn -j DROP

3. Block known DDoS attack patterns: Use the following iptables rules to block known DDoS attack patterns. They drop incoming port-80 traffic whose payload contains the string "GET /" or "POST /", the request lines commonly used in HTTP floods. Every legitimate browser request starts the same way, so as written these rules drop all web traffic on port 80; narrow the string to the exact request seen in the attack before using them.

# Note: "GET /" and "POST /" occur in every normal request as well; as written these drop all HTTP traffic on port 80
iptables -A INPUT -p tcp --dport 80 -m string --string "GET /" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 80 -m string --string "POST /" --algo bm -j DROP

4. Use a blacklist: Use the following iptables rule to block traffic from known malicious IP addresses. Replace <malicious_IP> with the address (or CIDR range) you want to block; you can maintain a list of known malicious addresses and apply this rule for each entry.

iptables -A INPUT -s <malicious_IP> -j DROP

5. Use SYN cookies: Enable SYN cookies in the kernel, which can help to prevent DDoS attacks that use the SYN flood method: the kernel completes the TCP handshake without keeping state for every half-open connection. This is a kernel setting rather than an iptables rule, and the command below does not persist across reboots unless the value is also set in sysctl.conf.

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
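The five measures above as one re-runnable script. This is an added example, not code from the original post: the interface name (WAN=eth0), the blacklist file path, the chain name DDOS_GUARD, the ipset name ddos_blacklist and the sysctl drop-in file name are all assumptions. It goes beyond the post in three ways: the rules live in their own chain scoped to the public interface, the blacklist is loaded into an ipset after each line is validated, and the rate limit uses hashlimit keyed on the source address. Measure 3 is deliberately left out because "GET /" and "POST /" match every ordinary request. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post. Everything not in the post is an
# assumption: the WAN interface name, the blacklist file path, the chain and
# ipset names, and the sysctl drop-in file name.
set -eu

WAN="${WAN:-eth0}"                                            # assumed public interface
BLACKLIST_FILE="${BLACKLIST_FILE:-/etc/ddos-blacklist.txt}"   # assumed path, one IP or CIDR per line
DRY_RUN="${DRY_RUN:-1}"                                       # 1 = print commands, 0 = execute them

# print or execute a command, so the ruleset can be reviewed before it is applied
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# accept "a.b.c.d" or "a.b.c.d/n" (IPv4 only); anything else is rejected so a
# malformed blacklist line cannot break the whole load
is_valid_cidr() {
    case "$1" in
        */*) addr="${1%%/*}"; prefix="${1#*/}" ;;
        *)   addr="$1";       prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

build_ruleset() {
    # a dedicated chain keeps the script idempotent: re-running flushes and rebuilds it
    run iptables -N DDOS_GUARD 2>/dev/null || true
    run iptables -F DDOS_GUARD

    # 1. anti-spoofing, scoped to the public interface so loopback and LAN traffic on
    #    other interfaces keep working (172.16.0.0/12 completes the RFC 1918 set)
    for net in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        run iptables -A DDOS_GUARD -i "$WAN" -s "$net" -j DROP
    done

    # 2. per-source budget for new HTTP connections. hashlimit keys on the source
    #    address; the plain "limit" match would share one budget across all clients.
    #    Within budget we RETURN to INPUT so the normal accept rules decide; over
    #    budget the SYN is dropped right here.
    run iptables -A DDOS_GUARD -i "$WAN" -p tcp --dport 80 --syn \
        -m hashlimit --hashlimit-name http_syn --hashlimit-mode srcip \
        --hashlimit-upto 25/minute --hashlimit-burst 100 -j RETURN
    run iptables -A DDOS_GUARD -i "$WAN" -p tcp --dport 80 --syn -j DROP

    # 3. omitted on purpose: "GET /" and "POST /" match every ordinary request

    # 4. blacklist through an ipset: one rule however long the list grows, and the
    #    set can be refreshed later without touching the iptables rules
    run ipset create ddos_blacklist hash:net -exist
    run ipset flush ddos_blacklist
    if [ -r "$BLACKLIST_FILE" ]; then
        while IFS= read -r entry; do
            case "$entry" in ''|'#'*) continue ;; esac      # skip blanks and comments
            if is_valid_cidr "$entry"; then
                run ipset add ddos_blacklist "$entry" -exist
            else
                printf 'skipping malformed blacklist entry: %s\n' "$entry" >&2
            fi
        done < "$BLACKLIST_FILE"
    else
        printf 'no blacklist file at %s, set stays empty\n' "$BLACKLIST_FILE" >&2
    fi
    run iptables -A DDOS_GUARD -i "$WAN" -m set --match-set ddos_blacklist src -j DROP

    # 5. SYN cookies via sysctl, plus a drop-in so the setting survives a reboot
    run sysctl -w net.ipv4.tcp_syncookies=1
    if [ "$DRY_RUN" != "1" ]; then
        printf 'net.ipv4.tcp_syncookies = 1\n' > /etc/sysctl.d/90-syncookies.conf   # assumed file name
    fi

    # hook the chain into INPUT exactly once (-C only checks whether the jump exists)
    run iptables -C INPUT -j DDOS_GUARD 2>/dev/null || run iptables -I INPUT 1 -j DDOS_GUARD
}

# no argument: preview the commands; "apply": execute them (needs root)
if [ "${1:-}" = "apply" ]; then DRY_RUN=0; fi
build_ruleset
```

Run it without arguments to review the generated commands, then with `apply` as root to install them; `iptables -S DDOS_GUARD` and `ipset list ddos_blacklist` show the result. The in-budget rule jumps back with RETURN rather than ACCEPT so that the rate limiter never bypasses whatever accept rules INPUT already has.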