On Thu, 2004-01-29 at 05:34, Fritz Mesedilla wrote:
> I forgot to ask.
> I am putting this before the rest of my rules, right? Will this allow legitimate transactions to get through?

Yes, the rules to redirect to the syn-flood chain must be the first rules of each chain.

> Thanks.
>
> Cheers,
> fritz <www.mesedilla.com>
> ---
> + Basta Ikaw Lord
>
> -----Original Message-----
> From: Ray Leach [mailto:raymondl@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, January 28, 2004 4:14 PM
> To: Netfilter Mailing List (E-mail)
> Subject: Re: anti-dos
>
> On Wed, 2004-01-28 at 09:18, Fritz Mesedilla wrote:
> > In preparation for SCO's Feb 1 DoS attack, are there any special iptables rules that I can use to avoid DoS attacks?
> > All I have right now is that I blocked all ports, then opened mail and internet.
> >
> > What else can I do for rules?
>
> You can use the limit support to limit packet rates:
>
> ### syn-flood chain
> # New connections from the internet and DMZ pass only while they stay under
> # 75/s (burst 100); internal hosts are never limited; the rest is logged and dropped.
> $IPTABLES -N syn-flood
> $IPTABLES -A syn-flood -i $IFACE_INET -m limit --limit 75/s --limit-burst 100 -j RETURN
> $IPTABLES -A syn-flood -i $IFACE_DMZ -m limit --limit 75/s --limit-burst 100 -j RETURN
> $IPTABLES -A syn-flood -i $IFACE_INT -j RETURN
> $IPTABLES -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
> $IPTABLES -A syn-flood -j DROP
>
> # Send every incoming SYN through the chain; these must come before other INPUT rules.
> $IPTABLES -A INPUT -i $IFACE_INT -p tcp --syn -j syn-flood
> $IPTABLES -A INPUT -i $IFACE_DMZ -p tcp --syn -j syn-flood
> $IPTABLES -A INPUT -i $IFACE_INET -p tcp --syn -j syn-flood
>
> > Thanks.
> >
> > Cheers,
> > fritz <www.mesedilla.com>
> > ---
> > + Basta Ikaw Lord
> >
> > ----------------------------------------------------------------------
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the sender immediately by e-mail and delete this e-mail from your
> > system. Please note that any views or opinions presented in this
> > email are solely those of the author and do not necessarily represent
> > those of the company. Finally, the recipient should check this email
> > and any attachments for the presence of viruses. The company accepts
> > no liability for any damage caused by any virus transmitted by this
> > email.
> >
> > Overture Media, Inc.
> > Direct Line: (632) 635-4785
> > Trunkline: (632) 631-8971 Local 146
> > Fax: (632) 637-2206
> > Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100

--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
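The two points in the thread, that the jump rules must be the first rules of INPUT and that the limit match lets a burst of 100 SYNs through before settling at 75 per second, can be checked without touching a live firewall. The script below is an added example and is not the code from the list post: it re-creates the syn-flood chain but installs the jumps with "-I INPUT 1" so they precede whatever is already in INPUT, and it runs a simplified token-bucket model of "-m limit" over a constructed burst of SYN arrival times. The interface names are assumed placeholders, and IPTABLES defaults to "echo iptables" so the whole thing is a dry run.

```shell
#!/bin/sh
# Added example (not the code from the list post). Builds the syn-flood chain so
# the jump rules land FIRST in INPUT, and models what
# "-m limit --limit 75/s --limit-burst 100" does to a burst of SYN packets.
# Interface names are assumed placeholders. IPTABLES defaults to "echo iptables"
# so the script is a dry run; set IPTABLES=iptables to apply it on a real firewall.

IPTABLES="${IPTABLES:-echo iptables}"
IFACE_INET="${IFACE_INET:-eth0}"   # assumed: internet-facing interface
IFACE_DMZ="${IFACE_DMZ:-eth1}"     # assumed: DMZ interface
IFACE_INT="${IFACE_INT:-eth2}"     # assumed: trusted internal interface

# Create the chain and install the jumps with -I INPUT 1 rather than -A, so
# they precede any rules already present in INPUT (the ordering point from
# the thread).
synflood_rules() {
    $IPTABLES -N syn-flood
    $IPTABLES -A syn-flood -i "$IFACE_INET" -m limit --limit 75/s --limit-burst 100 -j RETURN
    $IPTABLES -A syn-flood -i "$IFACE_DMZ" -m limit --limit 75/s --limit-burst 100 -j RETURN
    $IPTABLES -A syn-flood -i "$IFACE_INT" -j RETURN
    $IPTABLES -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
    $IPTABLES -A syn-flood -j DROP
    for ifc in "$IFACE_INET" "$IFACE_DMZ" "$IFACE_INT"; do
        $IPTABLES -I INPUT 1 -i "$ifc" -p tcp --syn -j syn-flood
    done
}

# Simplified token-bucket model of the limit match: the bucket holds at most
# BURST tokens, refills at RATE tokens per second, and every matching packet
# spends one token; a packet that finds the bucket empty falls through to the
# LOG/DROP rules. Usage: limit_simulate RATE BURST t1 t2 ... (arrival times in
# milliseconds, non-decreasing). Prints "accepted dropped".
limit_simulate() {
    rate=$1; burst=$2; shift 2
    cap=$((burst * 1000))          # work in milli-tokens to avoid fractions
    credit=$cap                    # bucket starts full
    last=""; accepted=0; dropped=0
    for t in "$@"; do
        if [ -n "$last" ]; then
            credit=$((credit + (t - last) * rate))
            if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        fi
        last=$t
        if [ "$credit" -ge 1000 ]; then
            credit=$((credit - 1000)); accepted=$((accepted + 1))
        else
            dropped=$((dropped + 1))
        fi
    done
    echo "$accepted $dropped"
}

# Emit N copies of timestamp T (constructs a burst of SYNs arriving together).
burst_of() {
    n=$1; t=$2; i=0
    while [ "$i" -lt "$n" ]; do printf '%s ' "$t"; i=$((i + 1)); done
}

if [ "${1:-}" = "demo" ]; then
    synflood_rules
    echo "200 SYNs in one instant:       $(limit_simulate 75 100 $(burst_of 200 0))"
    echo "6 SYNs spaced 20 ms apart:     $(limit_simulate 75 100 0 20 40 60 80 100)"
    echo "150 SYNs, 1 s pause, 150 more: $(limit_simulate 75 100 $(burst_of 150 0) $(burst_of 150 1000))"
fi
```

Run it as "sh synflood.sh demo" to see the rules printed and the three scenarios scored. A single burst of 200 SYNs gets 100 through and drops 100; a legitimate client opening connections 20 ms apart is never touched, because 20 ms refills 1.5 tokens per packet; and a second burst one second later gets only 75 through, because the bucket has had one second of refill at 75/s. The model ignores the kernel's internal credit granularity, so treat the numbers as the intended behaviour of the rule rather than a byte-exact reproduction of the limit match.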