IPTABLES scripting help
Posted by iUnknown, 09-12-2009, 08:57 PM
Hi,
I have a small script that I can run for some DoS protection:
The script checks for IPs that hit the server on port 3306 20 times in 4 seconds, and logs and blocks them if they do. There are certain IP addresses that I want exempt from this rule; how can I make an IP (i.e. 12.34.56.78) not be blocked even if it does this? I am sure this will involve "iptables -A FLOOD" in some way... but I did not create this little script and I'm not great with iptables commands.
Thanks very much for any assistance with this matter.
Posted by khunj, 09-13-2009, 10:15 AM
Just add the IP with the negative '!' instruction.
By the way, if you log packets and get DDoSed, I'm afraid you'll flood your logs.
Posted by iUnknown, 09-13-2009, 10:33 AM
Thanks very much for that and for the advice! Exactly what I wanted.
Just one more concern with regard to this: what if I want to add another unrelated IP address to this? Sorry for the probably simple question, but I'm not sure of the syntax required... so say I want to have this rule but I want 12.34.56.78 AND 78.67.45.34 to both be ignored by this rule.
Thanks very much, once again.
Posted by khunj, 09-13-2009, 11:36 AM
If it isn't an IP range you can't; unless you patch iptables, which isn't complicated ( see here ).
Otherwise, you'll need to accept those IPs before calling the FLOODCHECK chain.
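A worked version of khunj's second suggestion, added here as an example and not the poster's original script: the exempt addresses are accepted on INPUT before the jump into the FLOODCHECK chain (so any number of them can be listed without '!' negation), the chain itself does the 20-hits-in-4-seconds check with the recent match, and the LOG rule is rate-limited so a flood cannot fill the logs. The chain name FLOODCHECK, the list name FLOOD and the two sample addresses are assumptions taken from the thread; by default the script only prints the iptables commands (dry run) and applies them when run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example, not the original poster's script: rate-limit new connections to
# port 3306 (20 hits in 4 s) in a FLOODCHECK chain, with exempt addresses
# accepted on INPUT before the jump so they never reach the check.
# Dry run by default: prints the commands. Run with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
PORT=3306
HITS=20
WINDOW=4                            # seconds
EXEMPT="12.34.56.78 78.67.45.34"    # sample addresses from the thread (constructed)

flood_rules() {
  # Create the chain (ignore "already exists") and start from an empty chain.
  $IPT -N FLOODCHECK 2>/dev/null
  $IPT -F FLOODCHECK
  # Exempt sources are accepted here, before any jump into FLOODCHECK,
  # so no '!' negation is needed and any number of IPs can be listed.
  for ip in $EXEMPT; do
    $IPT -A INPUT -p tcp --dport "$PORT" -s "$ip" -j ACCEPT
  done
  # Only new connections are counted; established traffic is not re-checked.
  $IPT -A INPUT -p tcp --dport "$PORT" -m conntrack --ctstate NEW -j FLOODCHECK
  # Record the source, then log (rate-limited, so a flood cannot fill the
  # logs) and drop once it exceeds HITS hits within WINDOW seconds.
  $IPT -A FLOODCHECK -m recent --set --name FLOOD
  $IPT -A FLOODCHECK -m recent --update --seconds "$WINDOW" --hitcount "$HITS" --name FLOOD \
       -m limit --limit 3/min -j LOG --log-prefix "FLOOD: "
  $IPT -A FLOODCHECK -m recent --update --seconds "$WINDOW" --hitcount "$HITS" --name FLOOD -j DROP
  $IPT -A FLOODCHECK -j RETURN
}

flood_rules
```

Rule order matters: the ACCEPT rules for the exempt hosts must precede the `-j FLOODCHECK` jump in INPUT, which is why the script appends them first.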