I have the following lines at the very top of iptables, these are used to prevent SSH brute force attacks and DDOS attacks: iptables segment to prevent SSH brute force attacks and DDOS attacks
What bothers me here is "name: DEFAULT" in all three, I am just wondering whether they will all work or one will overwrite another? Any idea how to test it?
Also, I am using Nginx as a reverse proxy for Apache, am I correct using here ports 80 and 443 (i.e. the ones that Nginx is running on) or should I use Apache ports 7080 and 7081 in iptables?
This is running on VPS with Plesk Onyx and Ubuntu 14.04.
Thanks for your help!
Here are the commands that I used to add these lines to iptables:
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 5 --hitcount 20 -j DROP
iptables -I INPUT -p tcp --dport 443 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 5 --hitcount 20 -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP