Here is a little script to protect the server for all know FLOOD/SPAM/DDOS,
basically this script says to the ddoser i don't want to play with you.
Of course if the attack its grater then your bandwidth it wont stop them.
But however you can do this:
netstat -an | grep :53 (to see the ips that ddos your server then you go add manual).
Basicly no firewall can stop a ddos but however it can be done by a human hand here is an example of a blackhole:
Code:route add 209.62.76.146 reject
or
Code:ip route add blackhole 209.62.76.146/29
Depends on your configuration.
Now below you will see the scripts that actually blocks all kind of attacks from harming your pc or scanners spam flood etc.Firewall.sh using iptables:Code:#Flash IPTABLES
iptables -F
#This rule accepts connection.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#This rule enables local-host connection
iptables -A INPUT -i lo -j ACCEPT
#This rule allows connections to port 29000 if the connection its
#state new which a normal pc would connect and not a spammer or a
#flooder pc.
#duplicate line below if you need more ports open a new port
iptables -A INPUT -m tcp -p tcp -m state --state NEW --dport 29000 -j ACCEPT
#This rule accepts all connections from a host in any port
#you can use this to acces your mysql server or whatever managing site
#you have including ssh connection and ftps
#Replace 0.0.0.0 with your ip to allow SSH connection
iptables -A INPUT -m tcp -p tcp -s 0.0.0.0 -j ACCEPT
#This rule drops all coonection that is not in state new(illegal)
#or not predefined by this firewall including ddos syn flood etc.
iptables -A INPUT -j DROP
So basic all scripts i seen on many forums including this one has a script with 20+ lines that dose a worst job then this one @_@.
Make sure you have this lines un-commented in /etc/sysctl.confCode:net.ipv4.icmp_echo_ignore_all=0
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
net.ipv4.tcp_syncookies=1
# Ignore ICMP broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Ignore bogus ICMP errors
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
_or_
# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.all.accept_source_route = 0
After you un-commented the lines please open ssh(putty) and type:
Code:sysctl -p
to apply the changes you made to sysctlPLEASE NOTE ALL THE ABOVE SCRIPTS ARE TESTED 100% UNDER DDOS AND OTHER TYPE OF FLOODS IF THEY DOESN'T WORK ITS BECAUSE YOU DID SOMETHING WRONG!!!Source
