
I'm hosting several websites, and some of them use scripts to DDoS external servers from my server. Is there a possibility to control the outgoing traffic by, for example, limiting the number of requests per second or so?

user2733521

1 Answer


Here are some examples to prevent DoS; you can `man iptables` and search for the keywords 'limit', 'connlimit' and 'hitcount' for more information.

Allow 5 new connection packets per second

# Match only new connections (SYN); the ACCEPT on its own limits nothing, so whatever exceeds the limit is dropped by the following rule.
iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
iptables -A OUTPUT -p tcp --syn -j DROP

Allow 30 connections per 60 seconds for each IP.

# --update alone never adds anything to the list, so a --set rule is needed; --rdest keys the list on the destination (the default --rsource would key every entry on this host's own address). A hitcount above 20 requires loading xt_recent with ip_pkt_list_tot=30 or larger.
iptables -A OUTPUT -p tcp --dport 80 --syn -m recent --name BAD_HTTP_ACCESS --rdest --update --seconds 60 --hitcount 30 -j REJECT
iptables -A OUTPUT -p tcp --dport 80 --syn -m recent --name BAD_HTTP_ACCESS --rdest --set

50 max connections per IP to httpd

# Match on --syn so only new connections are refused, and count per destination (--connlimit-daddr); the default groups by source address, which in OUTPUT is always this host.
iptables -A OUTPUT -p tcp --dport 80 --syn -m connlimit --connlimit-daddr --connlimit-above 50 -j REJECT
Brightshine
  • So this will stop, say, an application on my server spamming other servers with bad packets? – Joehot200 Jun 03 '15 at 22:43
  • No, it's a limitation for output traffic, to prevent too many responses to other clients. If you want to block bad packets, you have to define rules in the 'INPUT' table instead of 'OUTPUT'. – Brightshine Jun 04 '15 at 04:18
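The rules in the answer each throttle one thing; on a shared host the useful combination is a per-destination limit (so one abused site cannot flood a single target) behind a global cap on new outbound connections, with rejects logged so the offending site can be found. The script below is an added example, not code from the original answer or its author. It uses the hashlimit match keyed on destination IP instead of recent/hitcount, because hashlimit is a per-key token bucket with no 20-hit ceiling, and it puts the logic in its own chain so it can be flushed or bypassed without touching the rest of OUTPUT. The chain names, variable names and default rates are this example's own choices, and it assumes iptables with the limit, hashlimit, LOG and REJECT extensions.

```sh
#!/bin/sh
# Added example (not from the original answer): a reviewable outbound
# connection-rate limiter for a shared web host. Assumes iptables with the
# limit, hashlimit, LOG and REJECT extensions; chain names, variables and
# the default rates below are this script's own choices.

PER_DST_RATE="${PER_DST_RATE:-30/min}"   # new TCP connections per destination IP
PER_DST_BURST="${PER_DST_BURST:-30}"
GLOBAL_RATE="${GLOBAL_RATE:-20/s}"       # new TCP connections to all destinations
GLOBAL_BURST="${GLOBAL_BURST:-100}"
CHAIN="${CHAIN:-OUT_RATELIMIT}"
REJECT_CHAIN="${CHAIN}_REJECT"

# Emit the rules rather than running them, so they can be reviewed or
# compared with iptables-save output before being piped into sh.
outbound_ratelimit_rules() {
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -N $REJECT_CHAIN 2>/dev/null || iptables -F $REJECT_CHAIN
iptables -A $REJECT_CHAIN -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "$CHAIN: " --log-level warning
iptables -A $REJECT_CHAIN -p tcp -j REJECT --reject-with tcp-reset
iptables -A $CHAIN -o lo -j RETURN
iptables -A $CHAIN -m hashlimit --hashlimit-name out_syn_dst --hashlimit-mode dstip --hashlimit-above $PER_DST_RATE --hashlimit-burst $PER_DST_BURST -j $REJECT_CHAIN
iptables -A $CHAIN -m limit --limit $GLOBAL_RATE --limit-burst $GLOBAL_BURST -j RETURN
iptables -A $CHAIN -j $REJECT_CHAIN
iptables -C OUTPUT -p tcp --syn -j $CHAIN 2>/dev/null || iptables -I OUTPUT 1 -p tcp --syn -j $CHAIN
EOF
}

# Apply the emitted rules, stopping at the first iptables error.
apply_outbound_ratelimit() {
    outbound_ratelimit_rules | sh -e
}

case "${1:-}" in
    --apply) apply_outbound_ratelimit ;;
    *)       outbound_ratelimit_rules ;;   # dry run by default: print, do not apply
esac
```

Only SYN packets are sent through the chain, so established connections are never cut; the per-destination check runs before the global one so a single flood target is rejected even when the host as a whole is under its cap, and the LOG target is itself rate-limited so a flood cannot fill the kernel log. Run it once without arguments to read the rules, then with --apply as root. After that, `iptables -vnL OUT_RATELIMIT` shows how many SYNs each rule has rejected, and the "OUT_RATELIMIT:" kernel log lines carry the destination and, via the UID match or process accounting, point at the site that is flooding. Any destination this host legitimately talks to at a high rate (a remote database, cache or upstream API) needs a `-d <address> -j RETURN` rule inserted ahead of the hashlimit rule, and the rules do not survive a reboot unless saved with the distribution's iptables persistence mechanism.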