Linux DDOS Defense with iptables

Previous Linux DDOS Defense post:
- Linux DDOS Defense with .htaccess

Linux has a great multipurpose tool called iptables. Blocking an IP in iptables blocks it from using any of the server's resources, not just the web server, so it is effective against broad attacks that target multiple ports (FTP, telnet, HTTP, etc.). Unfortunately, many server admins and webmasters are afraid to use iptables and therefore have no experience with it. If you edit the iptables rules file directly, it is very easy to cause major downtime, especially if your server is hosted off site: a syntax error in that file can block your own access to SSH, FTP, HTTP and everything else.

The workaround is to never edit the iptables file directly. Instead, enter iptables commands from the Linux command line: if you get the syntax wrong, the command line interface simply rejects the command. Here are some examples of proper usage:

To block a range of IPs in a network, use (the addresses shown are example attacker IPs):

iptables -I INPUT -m iprange --src-range 120.60.0.0-120.60.255.255 -j DROP

To block a single IP address, use:

iptables -A INPUT -s 120.60.43.201 -j DROP

To list the currently loaded rules without changing anything, use:

iptables -L
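The commands above wrapped in a small script, as an added example that is not from the original post. It assumes a dedicated chain named DDOS_BLOCK, the administrator's own address in ADMIN_IP (a constructed value, 203.0.113.10), and a DRY_RUN variable that prints the iptables commands instead of running them; changing the firewall for real requires root.

```shell
#!/bin/sh
# Added example, not the original post's code: block attacker addresses or ranges
# from a dedicated chain. Every entry is validated before the firewall is touched,
# ADMIN_IP (an assumed, constructed value: the address you administer from) is
# never blocked, the chain is rebuilt each run so rules never duplicate, and it is
# linked at the TOP of INPUT so an earlier ACCEPT rule cannot shadow the DROPs.
# DRY_RUN=1 prints the commands instead of running them; rules entered from the
# command line do not survive a reboot unless saved with your distribution's tool.

ADMIN_IP="${ADMIN_IP:-203.0.113.10}"
CHAIN="DDOS_BLOCK"
# Execute an iptables command, or just print it when DRY_RUN is set.
run() { if [ -n "$DRY_RUN" ]; then echo "iptables $*"; else iptables "$@"; fi; }
# Succeed only if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}
# Convert a dotted quad to an integer so range bounds can be compared.
ip2int() { set -- $(echo "$1" | tr '.' ' '); echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 )); }

# Print the rule for one entry ("a.b.c.d" or "a.b.c.d-e.f.g.h"); return 1 and
# print nothing for a malformed entry, a reversed range, or one covering ADMIN_IP.
rule_for() {
    case "$1" in
        *-*) lo="${1%-*}"; hi="${1#*-}"
             is_ipv4 "$lo" && is_ipv4 "$hi" || return 1
             [ "$(ip2int "$lo")" -le "$(ip2int "$hi")" ] || return 1
             a=$(ip2int "$ADMIN_IP")
             [ "$a" -lt "$(ip2int "$lo")" ] || [ "$a" -gt "$(ip2int "$hi")" ] || return 1
             echo "-A $CHAIN -m iprange --src-range $lo-$hi -j DROP" ;;
        *)   is_ipv4 "$1" && [ "$1" != "$ADMIN_IP" ] || return 1
             echo "-A $CHAIN -s $1 -j DROP" ;;
    esac
}

apply_blocklist() {
    for e in "$@"; do                     # reject the whole list if any entry is bad
        rule_for "$e" >/dev/null || { echo "rejected: $e" >&2; return 1; }
    done
    run -N "$CHAIN" 2>/dev/null || true   # create the chain if it is missing
    run -F "$CHAIN"                       # then rebuild it from scratch
    for e in "$@"; do run $(rule_for "$e"); done
    if [ -n "$DRY_RUN" ] || ! iptables -C INPUT -j "$CHAIN" 2>/dev/null; then
        run -I INPUT 1 -j "$CHAIN"        # jump to the chain before any other rule
    fi
}

[ $# -gt 0 ] && apply_blocklist "$@"
```

Run it first with DRY_RUN=1 to review the exact commands it would issue; `iptables -L DDOS_BLOCK -n` then shows only the blocked entries, and `iptables -F DDOS_BLOCK` clears them without disturbing the rest of the firewall.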
