Linux - Security (LinuxQuestions.org)
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
You'd most likely want to use tc. However, if you're trying to defend against it, you'd most likely just want to block the IP. That being said, the traffic is still going to reach your server and clog the network. To truly solve it you'd need to block it somewhere upstream where there is a bigger pipe. Or you could use a service such as Cloudflare as a proxy to your site: all traffic initially goes to their network, where they filter the DDoS for you and then send the proper traffic on to your server, thus protecting you from the DDoS.
However... if you're just trying to test something, just use tc.
tc is the traffic controller. What he is asking to do is literally what it's designed for. I'm 99.9% sure that iptables CANNOT do traffic shaping (limiting by a specific amount of bandwidth).
I use tc at work all the time to implement packet loss, low-bandwidth simulations and more for systems tests, to see how well our applications handle network issues.
You are right about tc, and that iptables cannot do bandwidth control. But with connection limit or hashlimit he can limit bandwidth consumption per IP. He asked about iptables; maybe it is not strict bandwidth control, but he can limit consumption with these options.
He specifically asks about limiting it to 1 Mbps, i.e. being able to limit IPs to a specific amount of bandwidth per second. That is something iptables cannot do. What you're talking about can slow down connections by limiting how many they have; however, it can't limit the speed in any way through that connection.
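The tc side of this discussion, as an added example that is not code from the thread or from any of its posters. It caps a single source IP at 1 Mbit/s with an HTB class. Since a qdisc can only queue packets on egress, inbound traffic on the game server's interface is redirected to an IFB device and shaped there. The interface name eth0, the IFB name ifb0, the attacker address 203.0.113.10 and the class id 1:10 are assumptions; port 27043 is the one the original poster used. By default the script only prints the commands (DRY_RUN=1); set DRY_RUN=0 to run them as root.

```shell
#!/bin/sh
# Added example (not from the thread): shape one source IP to 1 Mbit/s with tc.
# Ingress traffic is redirected to an IFB device and shaped there with HTB,
# because shaping only works on egress. Assumed names: eth0, ifb0, 203.0.113.10.
IFACE=${IFACE:-eth0}
IFB=${IFB:-ifb0}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time setup: mirror all ingress on $IFACE to $IFB and install an HTB root
# there. Unmatched traffic lands in class 1:1, which is effectively uncapped.
setup_ingress_shaping() {
    run ip link add "$IFB" type ifb
    run ip link set "$IFB" up
    run tc qdisc add dev "$IFACE" handle ffff: ingress
    run tc filter add dev "$IFACE" parent ffff: protocol ip u32 match u32 0 0 \
        action mirred egress redirect dev "$IFB"
    run tc qdisc add dev "$IFB" root handle 1: htb default 1
    run tc class add dev "$IFB" parent 1: classid 1:1 htb rate 1000mbit
}

# Cap one source: $1 = source IP, $2 = unique class minor id, $3 = rate,
# $4 = UDP destination port. Only UDP to that port is matched, since the
# original poster's server uses UDP only; everything else stays in class 1:1.
limit_source_ip() {
    src=$1; minor=$2; rate=${3:-1mbit}; port=${4:-27043}
    run tc class add dev "$IFB" parent 1: classid "1:$minor" htb rate "$rate" ceil "$rate"
    run tc filter add dev "$IFB" parent 1: protocol ip prio 1 u32 \
        match ip src "$src/32" \
        match ip protocol 17 0xff \
        match ip dport "$port" 0xffff \
        flowid "1:$minor"
}

# Undo everything: dropping the ingress qdisc removes its filter, and deleting
# the IFB device removes the HTB tree attached to it.
teardown_ingress_shaping() {
    run tc qdisc del dev "$IFACE" ingress
    run ip link del "$IFB"
}

# Usage (prints in dry-run mode): shape 203.0.113.10 to 1 Mbit/s on UDP 27043.
setup_ingress_shaping
limit_source_ip 203.0.113.10 10 1mbit 27043
```

Each further source IP gets its own class minor id (1:11, 1:12, ...), so one host saturating its class does not affect the others. As the first reply notes, this only changes what the kernel does with the packets after they have arrived: the flood still crosses the VPS uplink, so shaping is a test or fairness tool rather than a DoS fix.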
Actually, this is not a website; this is a gaming host VPS, so I use only UDP ports.
@whynotkeithberg Yes, you are right, I can prevent them by blocking the IP, but this is a test from me and I need to block this DoS automatically, or not block it but just limit him to something like 1 mb/s max.
@end Thank you for making the rules; I will test them and share the results here. But please, can you give the final rules after editing them for UDP ports?
My edit will be like this:
iptables -I INPUT -p udp --dport 27043 -m state --state NEW -m recent --set
iptables -I INPUT -p udp --dport 27043 -m state --state NEW -m recent --update --seconds 1 --hitcount 2 -j DROP
You are right, but for a UDP flood I think hashlimit or connection limit is better, because if you reduce him to 1 mb/s, packets still keep coming; you just reduce their speed.
Yes, you wrote it right. Just play with hitcount and seconds. Remove the quotes from the IP.
Try changing --dport to --sport 27043.
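The hashlimit alternative suggested earlier in the thread, as an added example that is not code from the thread or from any of its posters. Where the recent rules posted above count new flows per source and drop once a hit count is reached (note that because both lines use -I, the --update/DROP rule sits ahead of the --set rule in the chain), hashlimit keeps a token bucket per source IP and drops every packet above a rate. Excess traffic is dropped rather than queued, which is the difference from tc shaping. Port 27043 is the original poster's; the rates, burst and bucket expiry are assumed starting values to tune for the game, and the byte-rate form in the second function needs a kernel and iptables with hashlimit revision 2 (verify with `iptables -m hashlimit --help` before relying on it). Commands are printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the thread): per-source-IP rate limit for inbound UDP
# to the game port with iptables hashlimit. Port 27043 is the poster's; the
# rates below are assumed starting points.
PORT=${PORT:-27043}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Per source IP: allow up to $2 packets per quantum to UDP port $1 with a burst
# of $3 packets, and drop everything above that. Each source gets its own bucket
# (--hashlimit-mode srcip); idle buckets expire after 60 s (value in ms).
udp_hashlimit_rules() {
    port=$1; rate=${2:-50/second}; burst=${3:-100}
    run iptables -A INPUT -p udp --dport "$port" \
        -m hashlimit --hashlimit-name "udp_$port" --hashlimit-mode srcip \
        --hashlimit-above "$rate" --hashlimit-burst "$burst" \
        --hashlimit-htable-expire 60000 -j DROP
}

# Same idea by bytes instead of packets (assumption: hashlimit revision 2 syntax,
# e.g. 1mb/s). This is the closest iptables gets to "1 MB/s per IP", but it polices
# (drops the excess) rather than shapes (queues it).
udp_hashlimit_bytes_rule() {
    port=$1; rate=${2:-1mb/s}
    run iptables -A INPUT -p udp --dport "$port" \
        -m hashlimit --hashlimit-name "udp_bytes_$port" --hashlimit-mode srcip \
        --hashlimit-above "$rate" -j DROP
}

# Usage (prints in dry-run mode): 50 pps / burst 100 per source, plus a 1 MB/s cap.
udp_hashlimit_rules "$PORT" 50/second 100
udp_hashlimit_bytes_rule "$PORT" 1mb/s
```

The packet rate should sit above what one legitimate game client sends, so a single flooding address hits the limit while normal players never do; watch `iptables -L INPUT -v -n` counters on the DROP rule while testing. A source using many spoofed addresses defeats per-IP buckets (and connlimit, which counts conntrack entries per source), which is why the thread's first reply points to upstream filtering for a real DDoS.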