Firewalling all incoming traffic with custom rules

0

How do you automatically block all incoming traffic by creating a custom rule for every connection (in real time) using iptables?

To clarify - the situation is that my linux box is being DDOSed via port 80 and I want to set iptables to catch and block all attacking bots. After a couple of hours (and hopefully all the bots used up), I lift the policy and let the legitimate www traffic in.

EDIT: Or if you could suggest any other way of protecting myself against a (probably) distributed SYN flood.

Halik

Posted 2011-03-26T21:45:37.763

Reputation: 397

A good router will protect you against a syn flood attack. – Moab – 2011-03-26T22:45:39.100

Does this answer the question?

– new123456 – 2011-03-29T20:57:36.390

Answers

0

This is not bullet-proof but it should get you started. You can put this in a script and execute it on demand.

# Create a dedicated chain and send every new TCP SYN for port 80 through it
iptables -N SYN_FLOOD
iptables -A INPUT -p tcp --dport 80 --syn -j SYN_FLOOD
# Let at most 5 SYNs/second through (burst of 50); log and drop the rest
iptables -A SYN_FLOOD -m limit --limit 5/second --limit-burst 50 -j RETURN
iptables -A SYN_FLOOD -j LOG --log-prefix "SYN flood: "
iptables -A SYN_FLOOD -j DROP

To shut this down just execute:

iptables -D INPUT -p tcp --dport 80 --syn -j SYN_FLOOD
iptables -F SYN_FLOOD && iptables -X SYN_FLOOD

g24l

Posted 2011-03-26T21:45:37.763

Reputation: 829

Thanks, it will probably prove useful in the future - for now the original idea worked. I dropped and blocked all incoming connections for about 12 hours. Some legitimate customers got caught but in the end there were about 2600 zombies blocked and the attack died out while I could open the site again. Crude solution but worked. – Halik – 2011-03-30T04:33:22.410

I am not sure I fully understand. Your original question is also vague. If the answer was helpful you should vote-up, or accept or something. Your reputation is at risk MR :) – g24l – 2011-03-31T00:38:26.580
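The LOG rule in the answer above only records the excess SYNs; turning those records into the per-bot block rules the question asked for is a separate step. The following is an added example, not code from the answer or the original poster: it parses constructed kernel log lines in the format the "SYN flood: " LOG rule emits, counts hits per SRC address, and prints explicit DROP rules for the SYN_FLOOD chain (the chain name and log prefix are taken from the answer; the threshold, addresses and line format are assumptions). Per-source blocking only helps when the flood's source addresses are not spoofed, which the rate limit above does not depend on.

```shell
#!/bin/sh
# Constructed sample of kernel log lines in the format the LOG rule emits
# (real lines come from /var/log/kern.log or dmesg); documentation addresses only.
SAMPLE_LOG='Mar 26 22:10:01 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51234 DPT=80 SYN URGP=0
Mar 26 22:10:01 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51235 DPT=80 SYN URGP=0
Mar 26 22:10:02 www kernel: SYN flood: IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Mar 26 22:10:02 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51236 DPT=80 SYN URGP=0
Mar 26 22:10:03 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=60000 DPT=80 SYN URGP=0
Mar 26 22:10:03 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=60001 DPT=80 SYN URGP=0
Mar 26 22:10:04 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=60002 DPT=80 SYN URGP=0
Mar 26 22:10:04 www kernel: SYN flood: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=60003 DPT=80 SYN URGP=0'

# flood_sources THRESHOLD: read log lines on stdin and print each SRC address
# that was logged at least THRESHOLD times, most frequent first.
flood_sources() {
  grep 'SYN flood: ' \
    | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk -v t="$1" '$1 >= t { print $2 }'
}

# block_rules: turn one address per line on stdin into per-host DROP rules
# inserted at the top of the SYN_FLOOD chain. They are printed rather than
# executed so they can be reviewed before being piped to sh as root.
block_rules() {
  while read -r ip; do
    printf 'iptables -I SYN_FLOOD -s %s -j DROP\n' "$ip"
  done
}

# Usage (assumed threshold of 3 logged SYNs per source):
#   printf '%s\n' "$SAMPLE_LOG" | flood_sources 3 | block_rules
```

Against a live box, replace the sample with `grep 'SYN flood: ' /var/log/kern.log | flood_sources 3 | block_rules`, and later flush the chain as shown in the answer to lift the blocks.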