iptables rules against SYN floods and similar attacks
Author: 欧阳   Published: 14 June 2014   Reads: 3,201   Categories: Linux digest, study notes
# Generated by iptables-save v1.4.x on Fri Jun 13 01:57:13 2014
*filter
:INPUT ACCEPT [82:5220]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1222:1240160]
:syn-flood - [0:0]
# A single source IP (/32 mask) holding more than 10 connections to port 80 gets further ones rejected
-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
# Pure SYN segments (new connection attempts) are sent through the syn-flood chain
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 50/sec --limit-burst 50 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
# syn-flood: up to 3 SYN/s (burst 6) return to INPUT, everything above that is rejected
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Jun 13 01:57:13 2014
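Two properties of this ruleset are easy to miss when reading it by eye. First, every `-m limit ... -j ACCEPT` rule in INPUT and FORWARD is a no-op: both chains have policy ACCEPT and nothing after those rules can block a packet, so a SYN that misses the bucket is accepted by the policy anyway. Second, `-m limit` keeps one token bucket per rule, shared by every source, so the syn-flood chain admits at most 3 new connections per second for the whole host and a single sender that exceeds that rate gets everyone else's SYNs rejected as well; per-source gating needs `-m hashlimit --hashlimit-mode srcip`. The linter below, an added example that is not part of the original post, parses an iptables-save `*filter` table and reports both problems, plus rules shadowed by an unconditional terminating rule. The post's dump is embedded as constructed input, and the `REWORKED_DUMP` is this example's own assumption of a cleaned-up ruleset, not the author's.

```python
"""Lint an iptables-save *filter table for rules that cannot do what they appear to do.

Added example, not code from the original post. Findings:
  unreachable       rule sits after an unconditional terminating rule in the same chain
  redundant_accept  ACCEPT in an ACCEPT-policy chain that no later rule can override
  shared_limit      -m limit (one bucket for all sources) gating a DROP/REJECT
"""
from dataclasses import dataclass
from typing import Optional

# Constructed input: the ruleset from the post, one rule per line.
ORIGINAL_DUMP = """\
*filter
:INPUT ACCEPT [82:5220]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1222:1240160]
:syn-flood - [0:0]
-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 50/sec --limit-burst 50 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

# Constructed input, an assumption of this example (not the post's ruleset): the no-op
# ACCEPT rules are gone, the SYN bucket is per source IP via hashlimit, and excess SYNs
# are dropped rather than answered with an ICMP error.
REWORKED_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
-A INPUT -p tcp -m tcp --dport 80 -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A syn-flood -p tcp -m hashlimit --hashlimit-name syn --hashlimit-mode srcip --hashlimit-upto 20/sec --hashlimit-burst 40 -j RETURN
-A syn-flood -j DROP
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN"}
BLOCKING = {"DROP", "REJECT"}


@dataclass
class Rule:
    chain: str
    index: int              # 0-based position within its chain
    target: Optional[str]   # -j target; None for a counter-only rule
    conditional: bool       # carries any match specification before -j
    uses_limit: bool        # "-m limit": one token bucket per rule, shared by all sources
    text: str


def parse_dump(dump):
    """Return ({chain: policy}, {chain: [Rule, ...]}); policy is "-" for user chains."""
    policies, rules = {}, {}
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):                      # ":INPUT ACCEPT [82:5220]"
            name, policy = line[1:].split()[:2]
            policies[name] = policy
            rules.setdefault(name, [])
        elif line.startswith("-A "):
            tokens = line.split()
            jpos = tokens.index("-j") if "-j" in tokens else len(tokens)
            matches = tokens[2:jpos]                  # everything between chain name and -j
            chain_rules = rules.setdefault(tokens[1], [])
            chain_rules.append(Rule(
                chain=tokens[1], index=len(chain_rules),
                target=tokens[jpos + 1] if jpos + 1 < len(tokens) else None,
                conditional=bool(matches),
                uses_limit=any(a == "-m" and b == "limit" for a, b in zip(matches, matches[1:])),
                text=line))
    return policies, rules


def lint(policies, rules):
    """Return findings as (kind, chain, rule_index, rule_text) tuples, in chain order."""
    findings = []
    for chain, chain_rules in rules.items():
        policy = policies.get(chain, "-")
        for i, rule in enumerate(chain_rules):
            later = chain_rules[i + 1:]
            # Nothing after an unconditional ACCEPT/DROP/REJECT/RETURN is ever evaluated.
            if not rule.conditional and rule.target in TERMINAL and later:
                findings.extend(("unreachable", chain, r.index, r.text) for r in later)
                break
            # ACCEPT changes nothing if the policy is ACCEPT and no later rule can block.
            if (rule.target == "ACCEPT" and policy == "ACCEPT"
                    and all(r.target in ("ACCEPT", None) for r in later)):
                findings.append(("redundant_accept", chain, rule.index, rule.text))
            # A shared bucket in front of a block lets one sender lock everyone else out.
            if rule.uses_limit and (policy == "DROP" or any(r.target in BLOCKING for r in later)):
                findings.append(("shared_limit", chain, rule.index, rule.text))
    return findings


def lint_dump(dump):
    return lint(*parse_dump(dump))


if __name__ == "__main__":
    for name, dump in (("original", ORIGINAL_DUMP), ("reworked", REWORKED_DUMP)):
        print(f"== {name}: {len(lint_dump(dump))} finding(s)")
        for kind, chain, index, text in lint_dump(dump):
            print(f"  {kind:17} {chain}[{index}]  {text}")
```

Running it reports four `redundant_accept` findings (INPUT rules 2 and 3, FORWARD rules 0 and 1) and one `shared_limit` on the syn-flood chain for the original dump, and nothing for the reworked one. Even the per-source variant only helps against floods from real addresses; a SYN flood with spoofed sources spreads across the hashlimit buckets, and the kernel's SYN cookies (`net.ipv4.tcp_syncookies`) remain the primary defence there.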