Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux IPTables anti-DDOS attack Shell Scripting     - STL in the list of erase () method (Programming)

- To configure parameter configuration and software installation and uninstallation under Linux (Linux)

- Do you know how to build the Linux kernel (Programming)

- Linux Variable content removal and replacement (Linux)

- C ++ thread creates transmission parameters are changed (Programming)

- Running into the site-wide HTTPS (Server)

- Linux system last command usage (Linux)

- Use IP address spoofing Intrusion Prevention Firewall (Linux)

- Analysis of common mistakes when compiling MySQL installation (Database)

- Fedora && Arch Linux - the most romantic thing to happen now (Linux)

- A brief introduction to some important Docker commands (Server)

- Linux System Getting Started Learning: install software packages on Ubuntu and Fedora (Linux)

- C ++ Const breaking rules (Programming)

- Iptables use examples (Linux)

- Use Makeself Create installation file (Linux)

- Vim (Linux)

- Linux use chattr and lsattr commands to manage file and directory attributes (Linux)

- Understand ASP.NET 5 running the command: DNVM, DNX, and DNU (Server)

- TOAD connect DB2 error SQL1460N solve (Database)

- 11.2.04 Oracle RAC directory crfclust.bdb file is too large, Bug 20186278 (Database)

 
         
  Linux IPTables anti-DDOS attack Shell Scripting
     
  Add Date : 2018-11-21      
         
         
         
  1, Shell Scripting
#! / Bin / bash
/ Bin / netstat -na | grep ESTABLISHED | awk '{print $ 5}' | awk -F: '{print $ 1}' | sed '/ ^ $ / d' | sort | uniq -c | sort -rn | head - n 10 | grep -v -E '192.168 | 127.0' | sed '/ ^ $ / d' | awk '{if; {print $ 2} ($ 2 = null && $ 1> 10!)}'> / tmp / dropip

for i in $ (cat / tmp / dropip)
do
/ Sbin / iptables -A INPUT -s $ i -j DROP
echo "$ i kill at` date` ">> / var / log / ddos
done


2. Increase execute permissions
chmod + x /root/bin/dropip.sh

3. Add to the scheduled task, once per minute
crontab -e
* / 1 * * * * /root/bin/dropip.sh

Explanation:
The above script is relatively simple, but very practical, the most important is the second line, to get the most ESTABLISHED connections before 10 ip and written to a temporary file / tmp / dropip, excluding the internal ip section 192.168 |. 127.0 for beginning through loop dropip inside ip iptables through all drop off, and then written to the log file / var / log / ddos
     
         
         
         
  More:      
 
- Iptables principle (Linux)
- Development environment to build MEAN In Ubuntu 15.10 (Server)
- Linux system on how to use rsync to synchronize data (Server)
- Examples of RAID levels and achieve Operational Details (Linux)
- Java Prototype Pattern (Programming)
- To install the Oracle 10.2.0.1.0 process notes on Oracle Linux 4u4 (Database)
- How to understand Python yield keyword (Programming)
- WordPress blog installation Redis Cache (Server)
- Four levels to deal with Linux server attacks (Linux)
- Linux automatic installation and implementation (Linux)
- OpenSIPS offline messaging feature set (Server)
- How to Install Winusb in Ubuntu 14.04 (Linux)
- Java Concurrency: synchronized (Programming)
- C ++ Const breaking rules (Programming)
- xCAT Installation Kit (Linux)
- Arrow keys, backspace key garbled in Python-2.7.5 Interactive Mode under CentOS 5.8 (Linux)
- Command filter MySQL slow query log (Database)
- Linux firewall settings instance (Linux)
- Web cache basics: terminology, HTTP headers, and caching policies (Server)
- Linux SVN account password to save your settings (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.