user2733521
Reputation: 449
How to regulate output traffic with iptables
I'm hosting several websites, and some of them use scripts to ddos externals servers from my server. There is a possibility to control the outgoing traffic by, for example, limiting the number of request per second or so ?
Upvotes: 3
Views: 5698
Answers (1)
Brightshine
Reputation: 965
Here are some example to prevent DOS, you can man iptables to search the keyword 'limit, connlimit, hitcount' for more informations.
Allow 5 new connection packets per second
iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
Allow 30 connections during 60 seconds each IP.
iptables -A OUTPUT -p tcp --dport 80 -m recent --name BAD_HTTP_ACCESS --update --seconds 60 --hitcount 30 -j REJECT
50 max connections per IP to httpd
iptables -A OUTPUT -p tcp --dport 80 -m connlimit --connlimit-above 50 -j REJECT
Upvotes: 1
Related Questions
- iptables LOG and DROP in one rule
- iptables input, output rules
- IPTables rate limit per destination IP and port
- IPTables drop UDP packets with IP Header Identification
- Creating a firewall using iptables
- Iptables Prevent Flooding
- iptables: limit the number of logged packets/second
- How to restrict an Interface to certain IPs and Ports with iptables?
- Auto block IP's with iptables if rate is over 100 in 1 minute?
- How to limit connections per second and IP on apache2?