Now I have this line of code to prevent DDoS attacks, but my colleagues and I think it will limit access to the website as well. The code is as follows:
Code:
# Rate-limited ACCEPT for the service ports. "-m limit" is ONE token bucket shared by
# every source address (not one bucket per client): it refills at 60 matching packets
# per minute and holds at most 125 (--limit-burst, also the initial fill). Every packet
# that reaches this rule costs a token, not just new connections. Note that "-p tcp"
# means the port 69 entry (TFTP, which is UDP) never matches anything.
$IPTABLES -A INPUT -p tcp -i eth1 -m multiport --dports 20,21,53,69,80,119,443,8080 -m limit --limit 60/minute --limit-burst 125 -j ACCEPT
Now, we already suspect it might apply to too many ports, but the main concern is that we might block everyone instead of just DDoS attacks.
We also have some code to prevent SSH attacks, which we know will work since we took it from a LAN network that also provided internet access to the users. The code is as follows:
Code:
# trusted SSH IPs: a whitelisted source is taken off the "SSH" recent list and accepted
$IPTABLES -N SSH_WHITELIST
$IPTABLES -A SSH_WHITELIST -s <ip of trusted pc> -m recent --remove --name SSH -j ACCEPT
# brute force SSH blocker
# 1. record every NEW connection to port 22 in the "SSH" recent list. No "-j" target here:
#    an ACCEPT on this line would admit every connection before the rules below ever see it.
#    (Only port 22 is recorded, so the port 220 entry below can never reach the hit count.)
$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# 2. trusted sources bypass the counter
$IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
# 3. drop the 4th NEW connection from the same source within 60 seconds
#    (--rttl: only count entries whose TTL matches the recorded one, to resist spoofed sources;
#    multiport takes --dports, not --dport)
$IPTABLES -A INPUT -p tcp -i eth1 -m multiport --dports 22,220 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
# 4. connections that survived the check are accepted
$IPTABLES -A INPUT -p tcp -i eth1 -m multiport --dports 22,220 -m state --state NEW -j ACCEPT
We hope you, the community, can help us out with this issue.
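The concern about the rate-limit rule can be checked without touching a firewall. The following is an added example, not code from the post above: a small Python model of the two iptables rate-limit matches, replayed over a constructed 30-second traffic sample (one flooding source at 20 packets/s, three normal clients at one request every 2 s, addresses from the documentation ranges). It models the shared bucket of "-m limit" and the per-source bucket of "-m hashlimit --hashlimit-mode srcip" with the same rate (60/minute) and burst (125), using iptables token-bucket semantics: the burst is the bucket size and its initial fill, the rate is the refill, one token per matching packet. The timestamps, source addresses and traffic mix are assumptions chosen for the illustration.

```python
# Added example (not from the original post): model of iptables "-m limit" (one global
# token bucket) versus "-m hashlimit --hashlimit-mode srcip" (one bucket per source),
# replayed over constructed traffic. Assumes integer-millisecond timestamps and iptables
# bucket semantics: --limit is the refill rate, --limit-burst the bucket size/initial fill.
from collections import defaultdict
from fractions import Fraction

RATE_PER_MINUTE = 60   # --limit 60/minute   (or --hashlimit-upto 60/minute)
BURST = 125            # --limit-burst 125   (or --hashlimit-burst 125)


class TokenBucket:
    """Token bucket using exact Fraction arithmetic so the replay is deterministic."""

    def __init__(self, rate_per_minute: int, burst: int) -> None:
        self.refill_per_ms = Fraction(rate_per_minute, 60_000)
        self.burst = burst
        self.tokens = Fraction(burst)   # starts full, as in iptables
        self.last_ms = 0

    def allow(self, now_ms: int) -> bool:
        # Refill for the elapsed time, capped at the burst size, then spend one token.
        self.tokens = min(Fraction(self.burst),
                          self.tokens + (now_ms - self.last_ms) * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate(packets, per_source: bool):
    """Replay (time_ms, src) packets in time order; return {src: (accepted, dropped)}.

    per_source=False models "-m limit" (every source shares one bucket);
    per_source=True models "-m hashlimit --hashlimit-mode srcip" (one bucket per source).
    """
    buckets = defaultdict(lambda: TokenBucket(RATE_PER_MINUTE, BURST))
    stats = defaultdict(lambda: [0, 0])
    for t_ms, src in sorted(packets):            # timestamps are unique by construction
        bucket = buckets[src if per_source else "*"]
        stats[src][0 if bucket.allow(t_ms) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


def constructed_traffic():
    """Constructed 30 s sample: one flooding source at 20 packets/s and three normal
    clients sending one request every 2 s, offset so no packet shares a timestamp."""
    attacker = [(k * 50, "198.51.100.9") for k in range(600)]
    clients = [(j * 2000 + offset, src)
               for offset, src in ((125, "192.0.2.1"), (725, "192.0.2.2"), (1325, "192.0.2.3"))
               for j in range(15)]
    return attacker + clients


def compare():
    """Return (legit accepted under -m limit, legit accepted under per-source hashlimit,
    attacker accepted under per-source hashlimit)."""
    traffic = constructed_traffic()
    legit = ("192.0.2.1", "192.0.2.2", "192.0.2.3")
    shared = simulate(traffic, per_source=False)
    per_src = simulate(traffic, per_source=True)
    return (sum(shared[s][0] for s in legit),
            sum(per_src[s][0] for s in legit),
            per_src["198.51.100.9"][0])


if __name__ == "__main__":
    for label, per_source in (("-m limit (one shared bucket)", False),
                              ("-m hashlimit --hashlimit-mode srcip", True)):
        print(label)
        for src, (ok, dropped) in sorted(simulate(constructed_traffic(), per_source).items()):
            print(f"  {src:14} accepted={ok:3} dropped={dropped:3}")
```

With the shared bucket the flood drains the 125-token burst within a few seconds, and from then on the attacker's 20 packets/s claim almost every refilled token, so the three normal clients lose most of their requests. With a bucket per source the normal clients (0.5 packets/s, below the 1/s refill) are never throttled, while the attacker is held to the burst plus the refill, 154 packets over the 30 s. The iptables counterpart of the per-source bucket is `-m hashlimit --hashlimit-mode srcip --hashlimit-upto 60/minute --hashlimit-burst 125 --hashlimit-name web` in place of `-m limit`; in either form, placing an `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule before it means only new connections are charged against the bucket rather than every packet of every open session.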