All HowTo's Cyber-Security

Stop DDoS attack using IPTables

A distributed denial of service attack (or DDoS) will either bring your server down or significantly degrade its performance. This article explains a quick way to tackle the problem.

The IPTables firewall rules that follow ensure packets are limited to a set number per period of time. This rule will ensure only 10 new requests can hit the server in a 20 second period. It won’t stop the attack but it will keep your server up.

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 20 --hitcount 10 -j DROP

The above is ideal for a web server. However, you can apply this to any port. I’d suggest not to use this for SSH as you’ll also limit your ability to administer the server.

Also, you can use this on a router/proxy in-front of the server by changing INPUT to FORWARD.


Leave a Reply

Your email address will not be published. Required fields are marked *