http://joshua-mcclure.com/linux-ddos-defense-with-iptables/ <i>Austin's most prolific iphone developer.</i> Wed, 25 Apr 2012 21:51:21 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://joshua-mcclure.com/linux-ddos-defense-with-iptables/comment-page-1/#comment-52 Geoff Fri, 02 Sep 2011 01:28:27 +0000 http://joshua-mcclure.com/?p=202#comment-52 When you mean "never edit iptables directly", what do you mean? Isn't the iptables command line tool the direct way of editing your netfilter rules? And the iptables command that I know has always been quite happy to let me do 'iptables -I INPUT -p tcp --dport 22 -j DROP' (which would drop my ssh connection to the computer), allowing me plenty of rope to hang myself with. When you mean “never edit iptables directly”, what do you mean? Isn’t the iptables command line tool the direct way of editing your netfilter rules? And the iptables command that I know has always been quite happy to let me do ‘iptables -I INPUT -p tcp –dport 22 -j DROP’ (which would drop my ssh connection to the computer), allowing me plenty of rope to hang myself with.

]]>