How to regulate output traffic with iptables

StackOverflow https://stackoverflow.com/questions/21529640

  •  06-10-2022
  •  | 
  •  

Question

I'm hosting several websites, and some of them use scripts to ddos externals servers from my server. There is a possibility to control the outgoing traffic by, for example, limiting the number of request per second or so ?

Was it helpful?

Solution

Here are some example to prevent DOS, you can man iptables to search the keyword 'limit, connlimit, hitcount' for more informations.

Allow 5 new connection packets per second

iptables -A OUTPUT -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT

Allow 30 connections during 60 seconds each IP.

iptables -A OUTPUT -p tcp --dport 80 -m recent --name BAD_HTTP_ACCESS --update --seconds 60 --hitcount 30 -j REJECT

50 max connections per IP to httpd 

iptables -A OUTPUT -p tcp --dport 80 -m connlimit --connlimit-above 50 -j REJECT
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top