Created
December 30, 2021 17:29
DoS Protection For Ubuntu Linux
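# DoS / brute-force hardening for an Ubuntu host: installs log-based banning
# tools, then appends iptables rules that rate-limit and filter inbound
# traffic.
#
# Review notes to check before running this on a real host:
#   * Every rule is appended (-A) to whatever is already loaded, so an
#     earlier ACCEPT still wins, and running the script twice duplicates
#     the rules.
#   * No chain policy is set here. The rate-limited ACCEPT rules only
#     limit anything if packets over the limit are dropped later; with an
#     INPUT policy of ACCEPT, over-limit TCP/ICMP still gets through.
#   * "-m limit" is one shared budget per rule, not per source address,
#     so a single noisy client can use up the allowance for everyone.
#   * IPv4 only: ip6tables is not touched.
#   * Nothing is saved; the rules are gone after a reboot unless they are
#     persisted separately (for example with iptables-persistent).

# Interface the TCP-flag filters bind to. Many Ubuntu releases do not name
# the NIC eth0; a rule bound to a missing interface silently matches
# nothing. Override with: IFACE=<your-interface> before running.
IFACE="${IFACE:-eth0}"

# --- Log-based banning of repeated authentication failures ---------------
# NOTE(review): denyhosts overlaps with fail2ban's SSH handling and may not
# be packaged for every Ubuntu release; confirm it is available.
sudo apt-get update
sudo apt-get install denyhosts
sudo apt-get install fail2ban
sudo service denyhosts restart
sudo service fail2ban restart
sudo service fail2ban status

# --- Connection rate limits ----------------------------------------------
# New HTTP connections: 50/minute sustained, burst of 200.
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW \
  -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
# Traffic of already-tracked connections: 50 packets/second.
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED \
  -m limit --limit 50/second --limit-burst 50 -j ACCEPT

# --- Drop TCP segments with flag combinations no normal stack sends -------
# No flags at all (null packet).
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# SYN together with FIN.
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags FIN,SYN FIN,SYN -j DROP
# SYN together with RST.
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags SYN,RST SYN,RST -j DROP
# FIN together with RST.
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags FIN,RST FIN,RST -j DROP
# FIN without ACK.
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags FIN,ACK FIN -j DROP
# URG without ACK.
sudo iptables -A INPUT -i "$IFACE" -p tcp -m tcp \
  --tcp-flags ACK,URG URG -j DROP

# --- Port-scan throttling chain ------------------------------------------
# The original appended to PORT_SCANNING and then to "PORT-SCANNING" with a
# bare "j DROP": the chain was never created, the two names differed, and
# the jump flag had lost its dash, so both commands failed. Create the chain
# first and use one name. -N reports an error if the chain already exists
# from an earlier run; that is harmless here.
sudo iptables -N PORT_SCANNING
sudo iptables -A PORT_SCANNING -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
  -m limit --limit 1/s -j RETURN
sudo iptables -A PORT_SCANNING -j DROP
# NOTE(review): nothing in this script jumps to PORT_SCANNING, so the chain
# is inert until a rule sends traffic to it. Do not jump all INPUT traffic
# there: its last rule drops everything except rate-limited RST segments.

# --- ICMP and Xmas-style probes ------------------------------------------
sudo iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 \
  -j ACCEPT
# FIN+PSH+URG set and nothing else.
sudo iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP

# --- UDP: allow DNS, drop the rest ---------------------------------------
# NOTE(review): "--sport 53" on INPUT accepts any datagram that claims
# source port 53, whatever its destination port or origin, and the source
# port is chosen by the sender. Prefer limiting this to the resolvers the
# host actually uses (-s <resolver-address>) or to replies tracked by
# connection state.
sudo iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Only needed when this host itself serves DNS.
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
# Everything else over UDP is dropped in both directions. This also blocks
# NTP, DHCP, QUIC/HTTP3, VPNs and any other UDP service the host relies on;
# add explicit ACCEPT rules for those above these two lines.
sudo iptables -A INPUT -p udp -j DROP
sudo iptables -A OUTPUT -p udp -j DROP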