I am using KVM and Virtuozzo virtualization on my servers, each having 10 VMs. I have to restrict DDoS attacks from my VMs (i.e. prevent a VM from doing a DDoS attack). I searched on the net and found that I can restrict the number of packets using iptables hashlimit. I tried some rules on my server and it is not working.
For e.g. VM1, having IP 10.1.3.29, is doing a DDoS attack; I applied the following rule:
iptables -I FORWARD -o viifv1052 -s 10.1.3.29 -m hashlimit --hashlimit-name stopddos --hashlimit-mode srcip --hashlimit-above 5/sec --hashlimit-burst 2 --hashlimit-htable-expire 30000 -j DROP
I also tried with -i:
iptables -I FORWARD -i viifv1052 -s 10.1.3.29 -m hashlimit --hashlimit-name ICMPTEST --hashlimit-mode srcip --hashlimit-above 5/sec --hashlimit-burst 2 --hashlimit-htable-expire 30000 -j DROP
Then I tried ebtables, but with no effect:
ebtables -I FORWARD -o viifv1052 --protocol ipv4 --ip-source 10.1.3.29 --limit 5/sec -j ACCEPT
ebtables -I FORWARD -o viifv1052 --ip-source 10.1.3.29 --protocol ipv4 -j DROP
Any suggestions would be really helpful.
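The hashlimit rule in the question combines a rate (--hashlimit-above 5/sec) with a burst (--hashlimit-burst 2) and keys its counter per source address (--hashlimit-mode srcip), so it helps to see what that match actually decides packet by packet. The following is an added example, not code from the original post: it models the match as a per-source token bucket in Python and runs the question's parameters over a constructed packet timeline, showing which packets the -j DROP rule would catch. The bucket model is a simplification of xt_hashlimit's credit accounting (an assumption); the timestamps and addresses are constructed.

```python
# Simplified per-source token-bucket model of iptables' hashlimit match.
# Added example, not from the original post. The credit accounting is a
# simplification of xt_hashlimit (assumption); packet timeline is constructed.
from collections import defaultdict

RATE_PER_SEC = 5.0   # --hashlimit-above 5/sec
BURST = 2            # --hashlimit-burst 2
EXPIRE_SEC = 30.0    # --hashlimit-htable-expire 30000 (milliseconds)


class HashLimit:
    """One bucket per key (source IP, as with --hashlimit-mode srcip)."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST, expire=EXPIRE_SEC):
        self.rate, self.burst, self.expire = rate, burst, expire
        self.buckets = {}  # srcip -> [credits, last_seen_timestamp]

    def above(self, srcip, now):
        """True when this packet exceeds the limit, i.e. the -j DROP rule matches."""
        b = self.buckets.get(srcip)
        if b is None or now - b[1] > self.expire:
            b = [float(self.burst), now]   # new or expired entry starts with a full burst
            self.buckets[srcip] = b
        credits, last = b
        credits = min(float(self.burst), credits + (now - last) * self.rate)  # refill
        b[1] = now
        if credits >= 1.0:
            b[0] = credits - 1.0   # spend one credit: packet is within the limit
            return False
        b[0] = credits
        return True


def classify(packets, limiter=None):
    """packets: iterable of (timestamp_seconds, srcip), in time order.
    Returns a list of (timestamp, srcip, 'ACCEPT'|'DROP')."""
    limiter = limiter or HashLimit()
    return [(ts, ip, "DROP" if limiter.above(ip, ts) else "ACCEPT") for ts, ip in packets]


def summarize(results):
    """Count verdicts per source address."""
    counts = defaultdict(lambda: {"ACCEPT": 0, "DROP": 0})
    for _, ip, verdict in results:
        counts[ip][verdict] += 1
    return dict(counts)


# Constructed sample: 10.1.3.29 sends 12 packets within 110 ms (a flood),
# while a neighbouring VM, 10.1.3.30, sends a single packet.
SAMPLE = sorted([(i * 0.01, "10.1.3.29") for i in range(12)] + [(0.05, "10.1.3.30")])

if __name__ == "__main__":
    results = classify(SAMPLE)
    for ts, ip, verdict in results:
        print(f"{ts:6.3f}s  {ip:12}  {verdict}")
    print(summarize(results))
```

With burst 2 and 5/sec, the flooding VM gets its first two packets through and the remaining ten are dropped, while the neighbour's single packet is unaffected because the bucket is keyed per source IP; after 200 ms without traffic one credit has refilled and the next packet passes again. One host-side check worth making on a KVM host with bridged VM interfaces: bridged frames only traverse the iptables FORWARD chain when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is set to 1; otherwise the ebtables FORWARD chain is where they can be matched.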