On Mon, Jul 19, 2010 at 11:14 PM, Heiko Baums <lists@xxxxxxxxxxxxxxx> wrote:
> On Mon, 19 Jul 2010 22:43:45 +0530,
> Nilesh Govindarajan <lists@xxxxxxxxxx> wrote:
>
>> Hi,
>> Can someone tell me how to use IPTables to prevent DDoS attacks?
>> I'm sure IPTables has the relevant modules (limit, recent I think)
>> after reading some docs, but still in doubt about its implementation.
>
> There's the --limit option against DoS attacks.
>
> A good iptables tutorial with some example scripts is here:
> http://www.frozentux.net/documents/iptables-tutorial/
>
> Read at least the chapter "Limit match".
>
> Heiko
>

Thanks a lot man.
But I have a doubt (may sound quite weird, but I really don't know about it).

Suppose I set this-

    iptables -I INPUT -m limit --limit 1/min --limit-burst 5 -j ACCEPT

will this affect HTTP connections? Basically, how many packets is probably going to constitute one connection?
What is the recommended setting for the same to prevent DoS?

--
Regards,
Nilesh Govindarajan
Facebook: http://www.facebook.com/nilesh.gr
Twitter: http://twitter.com/nileshgr
Website: http://www.itech7.com
VPS Hosting: http://j.mp/arHk5e
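
The rule quoted in the message above, modelled as a token bucket and run over one HTTP connection's inbound packets (an added example, not part of the original thread). The packet trace is constructed, the class and function names are hypothetical, and the model is a simplification of the limit match's credit arithmetic; the rule has no protocol or port match, so every inbound packet from every sender draws on the same bucket.

```python
class LimitMatch:
    """Simplified model of '-m limit': a token bucket that starts full."""

    def __init__(self, seconds_per_token, burst):
        self.seconds_per_token = seconds_per_token  # --limit 1/min -> 60.0
        self.burst = burst                          # --limit-burst 5
        self.tokens = float(burst)                  # initial credit is the full burst
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, never above the burst size.
        refill = (now - self.last) / self.seconds_per_token
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0      # a matching packet spends one token
            return True
        return False                # no match: packet goes on to the next rule


# Constructed trace: (seconds, inbound packet) as the server's INPUT chain
# would see one short HTTP request/response exchange.
HTTP_TRACE = [
    (0.000, "SYN"),
    (0.040, "ACK (handshake)"),
    (0.041, "GET / HTTP/1.1"),
    (0.080, "ACK (response segment 1)"),
    (0.081, "ACK (response segment 2)"),
    (0.120, "ACK (response segment 3)"),
    (0.121, "ACK (response segment 4)"),
    (0.160, "FIN,ACK"),
    (0.200, "ACK (final)"),
]


def classify(trace, seconds_per_token=60.0, burst=5):
    """Return (time, packet, verdict) for each packet under the quoted rule."""
    rule = LimitMatch(seconds_per_token, burst)
    return [(t, pkt, "ACCEPT" if rule.matches(t) else "falls through")
            for t, pkt in trace]


if __name__ == "__main__":
    # One more packet a minute later shows the 1/min refill.
    for t, pkt, verdict in classify(HTTP_TRACE + [(60.2, "SYN (next client)")]):
        print(f"{t:7.3f}s  {pkt:26s} {verdict}")
```

Packets marked "falls through" are not dropped by this rule; what happens to them is decided by the rules that follow it and by the chain policy.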