Last updated: 2024-04-25, edited by 888u
This post covers two basic, practical applications: blocking ping (IPv4) and blocking UDP, that is, stopping hackers from using the server to send out DDoS attacks.
1. Disable ping without iptables
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # On: ignore all ICMP echo requests (ping is blocked)
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all # Off: answer ICMP echo requests again
2. Use iptables rules to ban ping
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
3. Use iptables rules to stop the server from sending UDP packets to the outside, so that it cannot be used to send out DDoS attacks.
iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT # Allow UDP to the DNS server IP
iptables -A OUTPUT -p udp -j DROP # Drop all other outbound UDP
Port 53 and the address 8.8.8.8 above are required for the DNS service. If you don't know the DNS settings of this machine, you can run the following command to get the IP:
cat /etc/resolv.conf
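The step above, as an added example that is not part of the original post: a shell function (the name gen_udp_egress_rules is hypothetical) that reads the IPv4 resolvers from a resolv.conf-style file and prints the matching rules from step 3 for review, without applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) the OUTPUT rules from step 3, with one
# ACCEPT per IPv4 resolver found in a resolv.conf-style file, then the UDP DROP.
# The function name is hypothetical; the iptables options are the ones used above.

gen_udp_egress_rules() {
    conf="${1:-/etc/resolv.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Second field of every active "nameserver" line (commented lines do not match).
    # Only dotted-quad IPv4 addresses are kept: iptables does not handle IPv6,
    # so IPv6 resolvers would need ip6tables and are skipped here.
    resolvers=$(awk '$1 == "nameserver" { print $2 }' "$conf" |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u)

    # Emitting the DROP with no ACCEPT would cut the machine off from DNS,
    # so stop here if no IPv4 resolver was found.
    [ -n "$resolvers" ] || { echo "no IPv4 nameserver in $conf" >&2; return 2; }

    for ip in $resolvers; do
        echo "iptables -I OUTPUT -p udp --dport 53 -d $ip -j ACCEPT"
    done
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Runs only when a file is given, e.g.:  sh udp-egress.sh /etc/resolv.conf
if [ $# -gt 0 ]; then
    gen_udp_egress_rules "$1"
fi
```

If the file lists only a local stub such as 127.0.0.53, the real upstream resolvers are configured elsewhere and need their own ACCEPT rules before the DROP is applied.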