add simple server protection rules

Asked by Soul-Sing on 2008-09-16

Protection against denial-of-service attacks, for example:

iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT

Protection against 'Syn-flood':

iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

Protection against 'Ping of death':
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee
Last query: 2008-09-24
Last reply: 2008-09-24

Vadim Peretokin (vperetokin) said : #1

That looks good, but can you translate that into ufw language?

Soul-Sing (soulzing) said : #2

Then we need an extra layer in the program: the GUI, ufw, and iptables.
It cannot be done in ufw only.....

Vadim Peretokin (vperetokin) said : #3

Hmm, alright. Marcos would be best to handle this then.

costales (costales) said : #4

Hi!
Read the man ufw, but it's the "limit" in ufw/Gufw in Intrepid Ibex ;)
Best regards.

Soul-Sing (soulzing) said : #5

Hi
I think these basic server protection rules are not supported by ufw. I have studied ufw carefully, and asked around. A firewall in Linux is mostly used on servers, not on a simple desktop system. (?)
In the future(?) :) we have to add iptables as an extra/additional layer to the program? Or am I getting wild and irrational now? ;)
Marcos, do you think ufw alone can add these basic server protection rules?
(many question marks......sorry about that....)

costales (costales) said : #6

I think rule, it can't :O
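
A simplified token-bucket model of the `-m limit --limit 1/s` match used in the rules in the question, added here as an illustration and not part of the original thread. It assumes the default `--limit-burst` of 5 and constructed traffic; the function names are hypothetical.

```python
# Simplified token-bucket model of the iptables `limit` match.
# Added illustration, not code from this thread. Assumes the default
# --limit-burst of 5, which the rules in the question do not override.

def simulate_limit(arrivals_ms, rate_per_s=1, burst=5):
    """One bool per arrival (milliseconds, ascending): True if the packet
    matches the limit rule and is ACCEPTed, False if it falls through."""
    cost = 1000                    # one packet costs 1000 milli-tokens
    cap = burst * cost
    tokens = cap                   # the bucket starts full
    last = None
    verdicts = []
    for t in arrivals_ms:
        if last is not None:
            # rate_per_s tokens/second == rate_per_s milli-tokens/millisecond
            tokens = min(cap, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= cost:
            tokens -= cost
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


def accepted_for(arrivals_ms, sources, who, **kw):
    """Accepted packets for one source. The bucket is shared by every
    source because `limit` keeps no per-address state."""
    verdicts = simulate_limit(arrivals_ms, **kw)
    return sum(1 for ok, src in zip(verdicts, sources) if ok and src == who)


# Constructed traffic: 100 SYN/s for 10 s from one flooding source, plus a
# single SYN from a legitimate client at t = 5.005 s.
events = sorted([(i * 10, "flood") for i in range(1000)] + [(5005, "client")])
times = [t for t, _ in events]
sources = [s for _, s in events]

if __name__ == "__main__":
    verdicts = simulate_limit(times)
    print("accepted", sum(verdicts), "of", len(verdicts))
    print("client SYNs accepted:", accepted_for(times, sources, "client"))
```

In this model the flood consumes the shared budget, so the client's packet falls through to whatever rule or chain policy comes next.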
