Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] IPTABLES question - Webserver - DOS protection
  • From: "Michal Ludvig" <michal-suse@xxxxxxxx>
  • Date: Thu, 26 Jul 2001 00:30:34 +0200 (CEST)
  • Message-id: <Pine.LNX.4.30.0107260030050.3521-100000@xxxxxxxxxxxxxxxx>
On Wed, 25 Jul 2001, Steven Thompson wrote:

> Q2. And how do you protect the web server from a DOS with IPTABLES (an
> example would be great).

For this purpose I use more or less the following rules:

iptables -A INPUT -p tcp --dport 80 -m limit --limit 50/s -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 2/m -j LOG \
--log-prefix "DoS attempt: "
iptables -A INPUT -p tcp --dport 80 -j DROP

I've extracted these from my more complex ruleset, which also includes
protection against "ICMP echo flood" and others. It protects a webserver
with > 400.000 hits per day and seems to work quite well.
Of course you may need to adjust the --limit 50/s to reflect your needs.

Michal Ludvig
