These are just some iptables rules that were transferred to UFW because of how Docker massacred iptables.
- Put `:ufw-before-syn-flood - [0:0]` right after `# End of required lines`.
- Then put the rules from rules.txt right before the `COMMIT` line at the end of the file (DO NOT delete `COMMIT`).
- Change your rules accordingly.
- There is no multicast and Spank DDoS protection since I have no idea how well it will work with Docker. Invalid packets and SYN flood should be enough.
- Do not forget to turn on `tcp_syncookies` in your system; that helps a lot.

P.S. UFW handles a lot of things on its own, such as invalid packets in the input and established connections, so there is no need to add more.
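A sanity check for the steps above, as an added example that is not part of the original page: it confirms the chain declaration sits after the marker, that `COMMIT` is still the last effective line, and that SYN cookies are enabled. The function names `check_rules` and `syncookies_on` are hypothetical, the sample file is constructed, and the rules file is passed as an argument because the page does not name it.

```shell
#!/bin/sh
# Added example: verify the edits described above on a UFW rules file.
CHAIN_DECL=':ufw-before-syn-flood - [0:0]'
MARKER='# End of required lines'

# check_rules FILE: returns 0 when the chain declaration comes after the
# marker and COMMIT is still the last non-blank, non-comment line.
check_rules() {
    awk -v decl="$CHAIN_DECL" -v marker="$MARKER" '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing whitespace
        $0 == marker { marker_ln = NR }
        $0 == decl   { decl_ln = NR }
        $0 != "" && $0 !~ /^#/ { last = $0 }      # last effective line so far
        END {
            bad = 0
            if (!marker_ln) { print "marker line not found"; bad = 1 }
            if (!decl_ln)   { print "chain declaration not found"; bad = 1 }
            if (marker_ln && decl_ln && decl_ln < marker_ln) {
                print "chain declared before the marker"; bad = 1 }
            if (last != "COMMIT") { print "COMMIT is not the final line"; bad = 1 }
            exit bad
        }' "$1"
}

# syncookies_on [PATH]: returns 0 when the kernel setting is 1 or 2 (enabled),
# 1 when it is disabled, 2 when the file cannot be read.
syncookies_on() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || return 2
    case "$(cat "$f")" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample of a correctly edited file (rule body is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:ufw-before-input - [0:0]
# End of required lines
:ufw-before-syn-flood - [0:0]
# ... rules from rules.txt go here ...
COMMIT
EOF
check_rules "$sample" && echo "rules layout: ok"
if syncookies_on; then echo "tcp_syncookies: on"; else echo "tcp_syncookies: off or unreadable"; fi
rm -f "$sample"
```

Run `check_rules` against the file you edited before reloading UFW; any printed finding means the layout does not match the steps above.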