Shulou (Shulou.com), 06/01 report. Updated 2025-04-09. From: SLTechnology News&Howtos
This article explains how to configure iptables to prevent SYN, DDoS and ping attacks.
netfilter/iptables (iptables for short) is the packet filtering firewall for Linux platforms. Like most Linux software, it is free, and it can replace expensive commercial firewall solutions for packet filtering, packet redirection and network address translation (NAT).
Configure the firewall to prevent SYN and DDoS attacks
[root@m176com ~]# vim /etc/sysconfig/iptables
Add the following lines to /etc/sysconfig/iptables:
# anti syn, ddos
-A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
-A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
-A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
Note:
First line: Maximum of 5 new connections allowed per second.
Second line: Prevent various port scans.
Third line: Ping of Death, adjustable or disabled as needed.
Restart firewall
[root@m176com ~]# /etc/init.d/iptables restart
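How the `-m limit --limit 1/s --limit-burst 5` match in the rules above decides which packets the ACCEPT rule takes, as an added example that is not code from the original article: a Python token-bucket model of the limit match, run over a constructed flood. The class and function names, the 20 packets/s flood and the `fallthrough` verdict (the chain policy or a later rule, which the article does not show) are assumptions for illustration.

```python
"""Token-bucket model of iptables `-m limit` (illustrative, not kernel code)."""

COST = 1000  # one matched packet costs 1000 milli-credits


class LimitMatch:
    def __init__(self, rate_per_s, burst=5):   # iptables default --limit-burst is 5
        self.rate = rate_per_s                 # --limit N/s: credits regained per second
        self.cap = burst * COST                # --limit-burst: bucket size
        self.credits = self.cap                # bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # Refill for the elapsed time, never above the burst size.
        refill = (now_ms - self.last_ms) * self.rate
        self.credits = min(self.cap, self.credits + refill)
        self.last_ms = now_ms
        if self.credits >= COST:
            self.credits -= COST
            return True
        return False                           # rule does not match; packet falls through


def run_chain(arrivals_ms, rate_per_s, burst, fallthrough):
    """Verdicts for a chain with one `-m limit ... -j ACCEPT` rule.

    `fallthrough` is what happens to packets the rule does not match:
    the chain policy or a later catch-all rule (assumed, not on the page).
    """
    rule = LimitMatch(rate_per_s, burst)
    return ["ACCEPT" if rule.matches(t) else fallthrough for t in arrivals_ms]


# Constructed input: 3 seconds of SYN packets at 20 per second (one every 50 ms).
FLOOD_MS = list(range(0, 3000, 50))


def accepted_indexes(fallthrough, rate_per_s=1, burst=5):
    verdicts = run_chain(FLOOD_MS, rate_per_s, burst, fallthrough)
    return [i for i, v in enumerate(verdicts) if v == "ACCEPT"]


if __name__ == "__main__":
    limited = accepted_indexes("DROP")
    print(f"fall-through DROP:   {len(limited)} of {len(FLOOD_MS)} accepted -> {limited}")
    print(f"fall-through ACCEPT: {len(accepted_indexes('ACCEPT'))} of {len(FLOOD_MS)} accepted")
```

With a DROP fall-through, only the initial burst of 5 and then one packet per second are accepted. With an ACCEPT fall-through the limit rule changes nothing, so the ACCEPT rules above only throttle traffic when the FORWARD policy or a later rule drops what they do not match.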
Block an IP
# iptables -I INPUT -s 192.168.0.1 -j DROP
How do I prevent others from pinging me?
# iptables -A INPUT -p icmp -j DROP
SYN Flood Prevention
# iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
Prevent various port scans
# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
Ping flood attack (Ping of Death)
# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
NMAP FIN/URG/PSH
# iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
Xmas Tree
# iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
Another Xmas Tree
# iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
Null Scan (possibly)
# iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
SYN/RST
# iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
SYN/FIN -- Scan (possibly)
# iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
Limit the speed at which internal packets are sent
# iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
Limit the number of connections made
# iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
Thank you for reading. That covers how to configure iptables to prevent SYN, DDoS and ping attacks; how these rules behave in a specific deployment still needs to be verified in practice.