DDOS Protection with iptables on an Ubuntu Dedi

Discussion in 'Systems Administration' started by OhSry, Jan 13, 2021.

  1. Hello, does anyone know how I could possibly get simple DDoS protection with iptables, just to protect from simple attacks? I've seen people work with iptables before and be able to protect from layer 4 and 7 attacks without any lag on the server with gigabytes of data being sent a second. If you know how to do this, please reply and tell me specific commands on how to do this. I've never really worked with iptables before and I would like to just get some basic rules down to protect my server.

    Thank you.
     
  2. Phoenix616

    Resource Staff

    You can use fail2ban to block certain IPs based on log files (e.g. see this config setup to block based on initial handler spam through Bungee's log file) but realistically speaking most bigger attacks can't be blocked by a software firewall.
     
  3. Anyone know any iptables rules at all for just a small DDoS prot?
     
  4. Strahan

    Benefactor

    It's a waste of time, IMO. You're better off getting upstream protection.
     
  5. Like TCPShield?

    The thing is, if I get that, I've got no way of hiding my panel IP imo. The domain for my panel is "panel.#######.com" and my server is on the same IP, so I'm not sure how to hide my panel IP too. So if a person does a subdomain scan, then they can find it and then TCPShield would be useless.
     
  6. Don't apply security through obscurity. Set up a firewall to reject traffic if it doesn't come through your reverse proxies (like TCPShield, or Cloudflare for web traffic).
     
  7. How exactly would I do that? I've never done anything in my life like this and I've never touched firewalls before.
     
  8. Strahan

    Benefactor

    Can't really say without knowing what firewall you use. I use pfSense, so in my case I'd just go to Firewall -> Aliases, then create an alias for my service (CloudFlare is what I use), then add all their IPs, then go to my rules and set a source filter so it only allows traffic from the CF alias I set up.
     
  9. If you are on CloudFlare Free, this only filters Web Traffic. If bad people have your origin IP they will still be able to DDoS you on other ports like ssh.
     
  10. Strahan

    Benefactor

    Well, yea, that goes without saying. Obviously if you are setting your CloudFlare record to allow non-proxied traffic, you're exposing yourself.
     
  11. I can help you with protection.
    Discord : Flamer#4351
     
  12. fail2ban and iptables won't be enough to avoid feeling the impact of any simple 15-minute DDoS attack from a stresser site.
     
  13. I suggest going with a hoster who provides DDoS protection for free, like OVH / SoYouStart.
     
  14. Hello,

    Filtering attacks using a software firewall will not work well. If your provider does not have adequate facilities that will allow filtering attacks on layer 3/4.

    If you need good advice, just buy a good VPS from a security company and create a proxy that will cover the IPv4 address of the target server where the application is located.

    In addition, it is enough to block incoming traffic to the Minecraft server, and unblock the IPv4 address belonging to the proxy server.

    We can also use GRE / IPIP tunneling. For the above advice, you need to think about and choose the right VPS, which will not be a bottleneck in terms of bandwidth etc.

    When creating a server, you must be careful, because if you have a website also on a server with a Minecraft server, it may open the door to a potential attack.

    The website can be hidden behind a proxy that will allow you to avoid the problem, but you also need to block incoming traffic on port 80/443, and unblock it for the company's addressing from the reverse proxy.

    If you need help with securing the website, send a PM.

    The attacker does not have to attack your server right away, because an attack on the side is enough to destabilize play in the game.
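
As an added example (not written by any poster in this thread), the allowlist approach described in posts 6 and 14 can be expressed as an iptables-restore ruleset produced by a small shell script. The proxy addresses are constructed placeholders from the RFC 5737 documentation ranges, and the chain name `PROXY_ONLY` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that lets only the reverse
# proxy reach the game and web ports. All addresses below are constructed
# placeholders (RFC 5737 documentation ranges); substitute your proxy's ranges.

PROXY_SOURCES="203.0.113.0/24 198.51.100.7"  # assumption: proxy egress addresses
SERVICE_PORTS="25565 80 443"                 # Minecraft default port, HTTP, HTTPS

# valid_source ADDR: shape check for an IPv4 dotted quad with an optional
# /0-32 prefix (octet ranges are not checked).
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# gen_rules "PORTS" "SOURCES": prints the ruleset, returns non-zero on bad input.
gen_rules() {
    ports=$1
    sources=$2
    # An empty allowlist would drop every client, so refuse to generate it.
    if [ -z "$sources" ]; then
        echo "refusing: empty proxy list" >&2
        return 1
    fi
    for s in $sources; do
        if ! valid_source "$s"; then
            echo "bad source: $s" >&2
            return 1
        fi
    done
    echo "*filter"
    echo ":PROXY_ONLY - [0:0]"   # hypothetical chain name
    # Only the protected ports are diverted; SSH and other rules are untouched.
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -j PROXY_ONLY"
    done
    for s in $sources; do
        echo "-A PROXY_ONLY -s $s -j ACCEPT"
    done
    # DROP instead of REJECT: no reply packet is generated per unwanted packet.
    echo "-A PROXY_ONLY -j DROP"
    echo "COMMIT"
}

# Print the ruleset for review; nothing is applied to the running firewall.
gen_rules "$SERVICE_PORTS" "$PROXY_SOURCES"
```

After review, the output can be loaded with `iptables-restore --noflush` so that existing rules are kept. Because the jumps are appended to INPUT, an earlier ACCEPT rule for the same ports would still match first.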