Home / server / Questions / 385384
In Process
Ansis Māliņš
Asked: 2012-05-03 09:43:44 +0800 CST

How do I set up a troll raid defense system?

  • 772
  1. I have a website or perhaps an IRC server or whatever.
  2. The server keeps a list of all unique visitors (IP addresses).
  3. I have a panic button that, when activated, denies access to all visitors that are not already in the list.

This is to stop massive troll raids without shutting down the service for regulars.

What's the best way to implement this at a low level so that it's agnostic to the kind of server used? Like, some iptables voodoo or something?

Distro is Ubuntu.

linux spam intrusion-prevention

2 Answers

  1. You can write a script that allows just them, and drops everything else, something like:

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #to allow all established connections to continue, and to allow outgoing connections to get data back
iptables -A INPUT -i ethX -s {allowedIP#1} -j ACCEPT #allow first ip
iptables -A INPUT -i ethX -s {allowedIP#2} -j ACCEPT #..second
... #third and on
iptables -A INPUT -i ethX - -j DROP #drop everything else

    Of course, if your IP list is very large, this becomes a resource hog.

    • 1 
  2. #!/usr/bin/bash

/sbin/iptables -A INPUT   -m state --state NEW -i eth1  -p tcp --destination-port {YOURIRCPORT} -j DROP

    Call it panickfw.sh

    To unlock create another similar script that has:

    /sbin/iptables -D INPUT   -m state --state NEW -i eth1  -p tcp --destination-port {YOURIRCPORT} -j DROP

    You can tweak it so you can use arguments to execute either rule.

    • 0