DDoS protection - Using Netfilter/iptables @ DevConf.cz Feb 2014
- Disable TCP loose mode
- Disable TCP forwarding
- Enable SYN cookies
- Enable TCP timestamping
- Use SYNPROXY module (Optional)
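An added example, not part of the original page or talk: a shell function that audits a sysctl.conf-style file against the checklist above. The key names are an assumed mapping of the list items to Linux sysctls ("TCP forwarding" is read here as net.ipv4.ip_forward), and the function name audit_sysctl_conf is hypothetical; the optional SYNPROXY item is an iptables rule and is not covered.

```shell
#!/bin/sh
# Audit a sysctl.conf-style file against the hardening checklist.
# The key names are this example's assumed mapping of the checklist items.
# Prints one line per missing or wrong setting; returns 0 only if all match.
# Usage: audit_sysctl_conf /etc/sysctl.conf
audit_sysctl_conf() {
    awk '
    BEGIN {
        want["net.netfilter.nf_conntrack_tcp_loose"] = "0"  # TCP loose mode off
        want["net.ipv4.ip_forward"] = "0"                   # forwarding off (assumed key)
        want["net.ipv4.tcp_syncookies"] = "1"               # SYN cookies on
        want["net.ipv4.tcp_timestamps"] = "1"               # TCP timestamps on
    }
    /^[ \t]*([#;]|$)/ { next }           # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next                # not a key = value line
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub("/", ".", key)              # sysctl also accepts net/ipv4/... names
        seen[key] = val                  # a later assignment overrides an earlier one
    }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) {
                printf "MISSING %s (want %s)\n", k, want[k]; bad++
            } else if (seen[k] != want[k]) {
                printf "WRONG %s=%s (want %s)\n", k, seen[k], want[k]; bad++
            }
        }
        exit (bad > 0)
    }' "$1"
}
```

A MISSING line means the file does not set the key, so the kernel default applies; compare against the running value with sysctl -n before drawing conclusions.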
/etc/sysctl.conf
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25565 -j CT --notrack
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
/etc/sysctl.conf