Block the most common denial of service attacks
Linux servers usually come with an empty firewall configuration, which means that all traffic is allowed. To be sure we start from a clean slate, we first flush the existing firewall rules, erasing them all:
We can then add a few simple rules that block the most common attack patterns and protect our Linux servers from script kiddies. We can't count on iptables alone to stop a full-scale DDoS attack, but we can at least deter the usual network-scanning bots that eventually find every server and start probing it for security holes to exploit. We start by blocking null packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
This tells the firewall to take every incoming TCP packet with no flags set (NONE) and DROP it. Null packets are, simply put, reconnaissance packets: scanning tools send them to see how a server is configured and to find weaknesses. The next pattern to reject is the SYN-flood attack:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
In a SYN-flood attack the attacker opens new connections but never states what it wants (SYN, ACK and so on); the aim is simply to tie up the server's resources. This rule drops any TCP packet that tries to start a NEW connection without being a proper SYN packet; we won't accept such packets. Now we move on to one more common pattern: XMAS packets, another kind of reconnaissance packet:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
With these three rules we have ruled out at least some of the usual patterns that attackers use to find vulnerabilities in our servers.
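As an added example (this is not part of the original article), the following POSIX shell script collects the three rules above into one place: it flushes the INPUT chain as the text describes, appends the rules, and can verify that a ruleset actually contains them. The IPTABLES variable, the apply/show/verify commands and the sample ruleset are assumptions of the example; the sample is constructed to mimic the normalized form in which iptables -S prints these rules (ALL expanded to FIN,SYN,RST,PSH,ACK,URG, --syn expanded to --tcp-flags FIN,SYN,RST,ACK SYN).

```shell
#!/bin/sh
# Added example, not code from the original article.
# Set IPTABLES=echo to print the commands instead of applying them (dry run).
: "${IPTABLES:=iptables}"

# Flush the INPUT chain (the article starts from an empty ruleset) and append
# the three rules from the text: null packets, non-SYN "new" packets, XMAS packets.
apply_rules() {
    "$IPTABLES" -F INPUT &&
    "$IPTABLES" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP &&
    "$IPTABLES" -A INPUT -p tcp ! --syn -m state --state NEW -j DROP &&
    "$IPTABLES" -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
}

# Check that a ruleset listing (the output of "iptables -S INPUT", or the dry-run
# output of apply_rules) contains all three rules. Patterns accept both the short
# form typed on the command line and the expanded form iptables -S prints
# (assumption: iptables-nft may print "-m conntrack --ctstate NEW", also accepted).
verify_rules() {
    ruleset=$1
    printf '%s\n' "$ruleset" | grep -qE -e '--tcp-flags (ALL|FIN,SYN,RST,PSH,ACK,URG) NONE -j DROP' ||
        { echo "missing: null-packet rule" >&2; return 1; }
    printf '%s\n' "$ruleset" | grep -qE -e '! (--syn|--tcp-flags FIN,SYN,RST,ACK SYN) -m (state --state|conntrack --ctstate) NEW -j DROP' ||
        { echo "missing: non-SYN new-connection rule" >&2; return 1; }
    printf '%s\n' "$ruleset" | grep -qE -e '--tcp-flags (ALL|FIN,SYN,RST,PSH,ACK,URG) (ALL|FIN,SYN,RST,PSH,ACK,URG) -j DROP' ||
        { echo "missing: XMAS-packet rule" >&2; return 1; }
    return 0
}

# Constructed sample of what "iptables -S INPUT" prints after apply_rules (assumption).
SAMPLE_RULESET='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP'

# Usage: sh dos_rules.sh show      (print the commands)
#        sudo sh dos_rules.sh apply (apply them)
#        sudo sh dos_rules.sh verify (check the live INPUT chain)
case "${1:-}" in
    show)   IPTABLES=echo apply_rules ;;
    apply)  apply_rules ;;
    verify) verify_rules "$(iptables -S INPUT)" && echo "all three rules present" ;;
esac
```

Two things worth knowing before applying this on a live server. The second rule drops any packet that conntrack classifies as NEW but that is not a SYN, so right after a flush (or a reboot) packets belonging to connections that were established earlier look NEW and will be dropped until those connections are re-established. And a real SYN flood consists of perfectly valid SYN packets, which this rule does not touch; the kernel's own mitigation for that is SYN cookies (net.ipv4.tcp_syncookies=1), which these rules complement rather than replace.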