My server blocks all IP addresses except those from Slovakia and the Czech Republic, and I would like to log all other countries and then drop them.
So my rule looks like this:
iptables -A INPUT -m geoip ! --src-cc CZ,SK -j LOG_COUNTRY
Then I have the LOG_COUNTRY chain, like this:
iptables -N LOG_COUNTRY
iptables -A LOG_COUNTRY -m limit --limit 5/s --limit-burst 10 -j LOG --log-prefix "COUNTRY DROP: "
iptables -A LOG_COUNTRY -j DROP
I would like to ask how to "secure" it against DDoS. I set a limit, so it should be fine.
But if someone DDoSes me, I would like to get all the IP addresses from the DDoS attack, and I don't know if a limit of 5/s can log all the attackers' IP addresses.
I don't know what limit value is considered safe. I don't want to log the same IP addresses and packets multiple times per second; rather, I would like to log as many different IP addresses as possible. I hope you understand me.
0 Answers
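Added example (not part of the original question, and not something the asker posted): a small simulation of how `-m limit` behaves during a flood. `-m limit` is a single token bucket shared by every packet that reaches the rule, so with `--limit 5/s --limit-burst 10` a one-second flood produces at most about burst + rate, i.e. roughly 15 log lines, no matter how many distinct sources are involved. The code below models that bucket and compares it with a per-source bucket, which is what `-m hashlimit --hashlimit-mode srcip` gives you. The flood itself is constructed inline (500 hosts in 10.0.0.0/8, 4 packets each, spread over one second); it is not captured traffic, and the iptables rules on the page are not executed.

```python
from collections import defaultdict
from ipaddress import IPv4Address


class TokenBucket:
    """Model of the xt_limit token bucket: refills at `rate` tokens per
    second, stores at most `burst` tokens, spends one token per packet."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = self.burst  # bucket starts full, like xt_limit
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_global_limit(packets, rate, burst):
    """-m limit: ONE bucket shared by every packet that reaches the rule.
    Returns (log lines emitted, distinct source IPs among them)."""
    bucket = TokenBucket(rate, burst)
    logged = [src for t, src in packets if bucket.allow(t)]
    return len(logged), len(set(logged))


def run_per_source_limit(packets, rate, burst):
    """-m hashlimit --hashlimit-mode srcip: one bucket per source address,
    created on first sight. Returns (log lines emitted, distinct IPs)."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    logged = [src for t, src in packets if buckets[src].allow(t)]
    return len(logged), len(set(logged))


def constructed_flood(n_sources=500, packets_per_source=4, duration=1.0):
    """Constructed sample traffic (not a real capture): n_sources hosts,
    packets_per_source packets each, interleaved evenly over `duration` s.
    Each item is (timestamp_seconds, source_ip)."""
    total = n_sources * packets_per_source
    base = int(IPv4Address("10.0.0.0"))
    return [
        (i * duration / total, str(IPv4Address(base + (i % n_sources))))
        for i in range(total)
    ]


if __name__ == "__main__":
    flood = constructed_flood()
    g_total, g_distinct = run_global_limit(flood, rate=5, burst=10)
    p_total, p_distinct = run_per_source_limit(flood, rate=1 / 60, burst=1)
    print(f"-m limit 5/s burst 10      : {g_total} log lines, "
          f"{g_distinct} distinct IPs out of 500")
    print(f"per-source 1/min burst 1   : {p_total} log lines, "
          f"{p_distinct} distinct IPs out of 500")
```

With the constructed flood the shared bucket logs about 14 packets from about 14 of the 500 sources, while the per-source bucket logs each of the 500 sources exactly once and suppresses their repeats. The iptables equivalent of the second run would be `-m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name geo_drop` in place of `-m limit`; note that hashlimit keeps one hash-table entry per source, so `--hashlimit-htable-max` and `--hashlimit-htable-expire` bound its memory during a flood of many (possibly spoofed) addresses, and the LOG target can still saturate syslog if the per-source rate is set too high.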