iptables is firewall software that can be found in many distributions, including CentOS and Ubuntu. In this doc, you'll see how to limit concurrent connections from a single IP address by using iptables. This can improve security and help mitigate simple DDoS attacks.
To verify whether iptables is installed, execute:

If this returns a path, iptables is installed on your system. Otherwise, you can install it by executing apt-get install iptables or yum install iptables.
If you're running a Debian-based system, also install iptables-persistent so that rules can easily be saved and reloaded:
apt-get install iptables-persistent
While adding the iptables rules, I will explain what every rule does.
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
This rule matches new TCP connections (-m state --state NEW) arriving on the eth0 interface (-i eth0) to port 80 (--dport 80) and records the source address in the recent module's list (-m recent --set).
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
This rule also matches new connections (--state NEW) and checks the recent list: if the source address has already been seen 10 or more times (--hitcount 10) within the last 60 seconds (--seconds 60), the packet is dropped (-j DROP). Because both rules are inserted at the top of the INPUT chain with -I, this DROP rule ends up above the --set rule and is evaluated first, which is what makes the pair work.
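To make the behaviour of the two rules concrete, here is an added example (not part of the original doc) that models the xt_recent list and replays constructed connection attempts through the rules in the order they end up in the INPUT chain. The IP addresses and timings are constructed sample data, and the bounded stamp ring (MAX_STAMPS) is an assumption based on the kernel default.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # --seconds 60 from the page's second rule
HITCOUNT = 10        # --hitcount 10
MAX_STAMPS = 20      # assumption: kernel default ip_pkt_list_tot, oldest stamps roll off


class RecentList:
    """Minimal model of one xt_recent list (the DEFAULT list both rules use)."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def hits_within_window(self, src, now):
        return sum(1 for t in self.stamps[src] if now - t <= WINDOW_SECONDS)

    def update_matches(self, src, now):
        # --update --seconds 60 --hitcount 10: match only if the address is already
        # listed with >= HITCOUNT stamps inside the window. A match also records this
        # packet's time, so a source that keeps retrying stays blocked.
        if src not in self.stamps:
            return False
        if self.hits_within_window(src, now) >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

    def set(self, src, now):
        # --set: always matches and records the packet's timestamp.
        self.stamps[src].append(now)


def filter_new_connections(events):
    """events: (time_in_seconds, source_ip) for NEW TCP connections to port 80, in
    time order. Returns one verdict per event. Both rules were inserted with -I, so
    the DROP rule sits above the --set rule in INPUT and is evaluated first."""
    recent = RecentList()
    verdicts = []
    for now, src in events:
        if recent.update_matches(src, now):
            verdicts.append("DROP")
            continue
        recent.set(src, now)
        verdicts.append("ACCEPT")  # assumption: no later INPUT rule drops it
    return verdicts


# Constructed sample: one source opens 12 connections in 12 seconds, a normal client
# opens two in the same period, and the first source returns after a long quiet spell.
ATTACKER, CLIENT = "198.51.100.7", "203.0.113.5"
SAMPLE_EVENTS = sorted([(t, ATTACKER) for t in range(12)]
                       + [(3.0, CLIENT), (11.5, CLIENT), (200.0, ATTACKER)])
```

Calling filter_new_connections(SAMPLE_EVENTS) accepts the first ten attempts from the busy source, drops the eleventh and twelfth, leaves the normal client untouched, and accepts the busy source again once its stamps have aged out of the 60-second window.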
After adding the rules, you will need to save them and reload iptables. Rules can be saved using iptables-persistent, which we just installed:
service iptables-persistent save
service iptables-persistent reload
You have improved server security by limiting the concurrent connections from an IP address using iptables.