25 Jul 2001, 22:30
On Wed, 25 Jul 2001, Steven Thompson wrote:
> Q2. And how do you protect the web server from a DOS with IPTABLES (an example would be great).
Hi,

for this purpose I use more or less the following rules:

    iptables -A INPUT -p tcp --dport 80 -m limit --limit 50/s -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -m limit --limit 2/m -j LOG \
        --log-prefix "DoS attempt: "
    iptables -A INPUT -p tcp --dport 80 -j DROP

I've extracted these from my more complex ruleset, which also includes protection against "ICMP echo flood" and others. It protects a webserver with > 400.000 hits per day and seems to work quite well. Of course you may need to adjust the --limit 50/s to reflect your needs.

Michal Ludvig
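
Added example (not part of the original message): a simplified Python model of how the three rules above treat port-80 traffic, with the limit match modelled as a token bucket. It assumes the default --limit-burst of 5, since the rules do not set one; the class and function names and the traffic are constructed for illustration.

```python
# Simplified model of the iptables "limit" match (a token bucket), added for
# illustration. Assumes the default --limit-burst of 5, since the rules above
# do not set one. Not kernel code: the real match counts credits in jiffies.

class LimitMatch:
    def __init__(self, rate_per_sec, burst=5):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_chain(arrival_times):
    """Walk each packet through the three port-80 rules in order."""
    accept_rule = LimitMatch(50.0)        # --limit 50/s -j ACCEPT
    log_rule = LimitMatch(2.0 / 60.0)     # --limit 2/m  -j LOG
    counts = {"accepted": 0, "logged": 0, "dropped": 0}
    for t in arrival_times:
        if accept_rule.matches(t):
            counts["accepted"] += 1
            continue                      # ACCEPT ends traversal
        if log_rule.matches(t):
            counts["logged"] += 1         # LOG is non-terminating...
        counts["dropped"] += 1            # ...so the packet still reaches DROP
    return counts


def constant_rate(pps, seconds):
    """Constructed sample traffic: evenly spaced packets."""
    return [i / pps for i in range(int(pps * seconds))]


if __name__ == "__main__":
    print("normal, 40 pps:", run_chain(constant_rate(40, 10)))
    print("flood, 1000 pps:", run_chain(constant_rate(1000, 10)))
```

The accept bucket is shared by every source address, so during a flood legitimate clients compete with the flood for the same 50 packets per second. The 2/m limit on the LOG rule keeps the log itself from being flooded.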