iptables is firewall software that can be found in lots of distributions, including CentOS and Ubuntu. In this doc, you’ll see how you can prevent concurrent connections from a single IP address by using iptables. This can improve security and prevent simple DDoS attacks.
Step 1: Verifying IPTables installation
To verify if iptables has been installed, execute:
which iptables
If this returns a path such as /sbin/iptables, then iptables is installed on your system. Otherwise, you can install it by executing apt-get install iptables, or yum install iptables.
If you’re running a Debian-based system, install iptables-persistent to be able to easily save and reload iptables:
apt-get install iptables-persistent
Step 2: Adding IPTables rules
While adding the iptables rules, I will explain what every rule does.
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
This rule matches new TCP connections (--state NEW) arriving on the eth0 interface (-i eth0) for port 80 (--dport 80) and records the source address of each one in the recent list (--set).
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
This rule checks whether the source address of a new connection is already in the recent list from within the last 60 seconds (--seconds 60) and drops the packet when that address has been seen more than 10 times in that window (--hitcount 10). Because -I inserts each rule at the top of the INPUT chain, this DROP rule ends up above the --set rule, which is the order the pair needs: a source is recorded only after the hit-count check has let the packet through.
Step 3: Saving rules
After adding the rules, you will need to save them and reload iptables. Rules can be saved using iptables-persistent, which we just installed:
service iptables-persistent save
service iptables-persistent reload
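As an added example (not from the original article), a small POSIX shell script that installs the two rules above only if they are not already loaded (using iptables -C to check first) and a helper that reads the kernel's recent list from /proc/net/xt_recent/DEFAULT and reports which addresses have reached the hit count. The interface, port and limits are assumed to match the article, and the sample list contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Values mirror the article's
# rules (eth0, port 80, 10 new connections per 60 seconds) and are assumptions.
set -e
IFACE="${IFACE:-eth0}"; PORT="${PORT:-80}"; WINDOW=60; HITS=10

# Match shared by both rules, with the chain first so the same string works
# for "iptables -C" (check) and "iptables -I" (insert).
common_match() {
    printf 'INPUT -p tcp --dport %s -i %s -m state --state NEW -m recent' "$PORT" "$IFACE"
}

# Insert a rule only if an identical one is not loaded yet, so re-running the
# script does not stack duplicates.
add_rule_once() {
    if iptables -C $1 2>/dev/null; then echo "already present: $1"; else iptables -I $1; fi
}

apply_rules() {
    # -I inserts at the top, so the DROP rule added second lands above the --set
    # rule; that order matters: a source is recorded only after the hit-count
    # check has let the packet through.
    add_rule_once "$(common_match) --set"
    add_rule_once "$(common_match) --update --seconds $WINDOW --hitcount $HITS -j DROP"
}

# Read recent-list entries from stdin (e.g. /proc/net/xt_recent/DEFAULT) and print
# "address count" for each source whose retained hit count has reached HITS.
# Timestamps are kernel jiffies, so this counts all retained hits, not only
# those inside the 60-second window.
report_hot_sources() {
    awk -v hits="$HITS" '/^src=/ {
        ip = substr($1, 5); n = 0
        for (i = 1; i <= NF; i++) if ($i == "oldest_pkt:") { n = NF - i - 1; break }
        if (n >= hits) print ip, n
    }'
}

# Constructed sample in the /proc/net/xt_recent/DEFAULT format (timestamps are
# made up): one source with 3 retained hits, one with 11.
SAMPLE_RECENT='src=203.0.113.7 ttl: 64 last_seen: 4295117434 oldest_pkt: 3 4295117228 4295117335 4295117434
src=198.51.100.23 ttl: 57 last_seen: 4295117500 oldest_pkt: 1 4295117100 4295117140 4295117180 4295117220 4295117260 4295117300 4295117340 4295117380 4295117420 4295117460 4295117500'

case "${1:-}" in
    apply)  apply_rules ;;                                   # run as root
    report) report_hot_sources < /proc/net/xt_recent/DEFAULT ;;
    demo)   printf '%s\n' "$SAMPLE_RECENT" | report_hot_sources ;;
esac
```

Run it as root with `apply` to install the rules and with `report` to see which sources are currently at or over the limit; `demo` runs the report over the constructed sample.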
You have improved server security by limiting the concurrent connections from an IP address using iptables.