From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: How to stop the flood?
Date: Thu, 28 Apr 2005 12:35:34 -0400
Message-ID: <20050428163534.GA30227@bender.817west.com>
In-Reply-To: <00c701c54c01$3ba1b9a0$3b3429c4@rp>
On Thu, Apr 28, 2005 at 05:47:42PM +0300, Rikunj wrote:
> Thank you for the reply.
>
> This was the log from one of my client who was attacked from a client on
> other subnet.
>
> My network consist of clients from different subnets of /24.
>
> The attacks from one subnet travels through my linux router and hits the
> client on other subnet.
>
> I tried few rules as below but seems not to be working.
>
> -----------Cut From fwscript.sh-------------------------
>
> echo 1 > /proc/sys/net/ipv4/tcp_syncookies
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
> echo 0 > /proc/sys/net/ipv4/tcp_timestamps
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
> echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
> echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
> iptables -P FORWARD DROP
> iptables -P OUTPUT ACCEPT
> iptables -P INPUT DROP
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -p icmp --icmp-type echo-request -m length --length 92 -j DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A FORWARD -p tcp --syn -m limit --limit 10/s -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -p ip -f -j DROP
> iptables -A FORWARD -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
> iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
> iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
> iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
> iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
> iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
> iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
> -----------------------------------------------
well, you're really not blocking much of anything with that. if you
wish to block 192.168.25.208:
iptables -A FORWARD -s 192.168.25.208 -j DROP
when they call to ask why "the Internet is down" invoke plan B--opening
up a can of the genuine whoop-ass.
-j
--
"Peter: You wanna talk about awkward moments? Once, during sex,
I called Lois "Frank". Your move, Sherlock."
--Family Guy
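The one-liner above does its job only if the DROP sits ahead of the ACCEPT rules in the quoted fwscript.sh: appended with -A it lands below "--syn -m limit ... -j ACCEPT" and "--state ESTABLISHED,RELATED -j ACCEPT", so the attacker's SYNs within the limit, and everything on connections already in the state table, are accepted before the DROP is ever consulted. The script below is an added example, not code from this thread or from the netfilter project; it inserts the block at position 1 of FORWARD, refuses any argument that is not a plain dotted-quad (so a stray "1.2.3.4 -j ACCEPT" cannot smuggle in extra rule arguments), and lets you dry-run by pointing the IPT variable at echo. The IPT variable and the function names are my own choices.

```shell
#!/bin/sh
# Added example (not from the original thread): block one host on the
# Linux router by inserting a DROP at the HEAD of the FORWARD chain.
#
# Dry run (prints the rule instead of applying it):
#   IPT=echo ./block_host.sh 192.168.25.208
# Real run (as root):
#   ./block_host.sh 192.168.25.208
IPT="${IPT:-iptables}"

# valid_ipv4 ADDR: succeed only for a dotted-quad with four octets in 0-255.
# Anything else (spaces, letters, extra dots, a fifth octet) is rejected, so
# the address can never expand into additional iptables arguments.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_host ADDR: drop forwarded traffic sourced from ADDR.
# "-I FORWARD 1" puts the rule first; "-A FORWARD" (as in the one-liner
# above) would append it after the script's ACCEPT rules, where it only
# sees packets those rules have already declined.
block_host() {
    addr="$1"
    valid_ipv4 "$addr" || { echo "block_host: bad address: $addr" >&2; return 2; }
    "$IPT" -I FORWARD 1 -s "$addr" -j DROP
}

# unblock_host ADDR: remove exactly the rule block_host inserted.
unblock_host() {
    addr="$1"
    valid_ipv4 "$addr" || { echo "unblock_host: bad address: $addr" >&2; return 2; }
    "$IPT" -D FORWARD -s "$addr" -j DROP
}

if [ $# -eq 1 ]; then
    block_host "$1"
fi
```

After applying it, confirm the position and that it is actually matching with "iptables -L FORWARD -n -v --line-numbers": the DROP should be rule 1 and its packet counter should climb while the flood is running. The same ordering point applies to any DROP you add later: put it above the ACCEPTs or it is decorative.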
Thread overview: 16+ messages
2005-04-28 13:35 How to stop the flood? Rikunj
2005-04-28 14:16 ` Jason Opperisano
2005-04-28 14:47 ` Rikunj
2005-04-28 15:47 ` Rob Sterenborg
2005-04-28 15:54 ` Dwayne Hottinger
2005-04-28 17:10 ` Rikunj
2005-04-29 3:12 ` Taylor, Grant
2005-04-29 13:17 ` Rikunj
2005-05-01 0:59 ` Mogens Valentin
2005-05-01 19:19 ` Taylor, Grant
2005-04-28 21:50 ` R. DuFresne
2005-04-28 21:58 ` wkc
2005-04-28 22:04 ` Dwayne Hottinger
2005-04-28 17:54 ` Rikunj
2005-04-28 16:35 ` Jason Opperisano [this message]
2005-04-28 20:16 ` Taylor, Grant