A script to prevent DDOS attacks using Advanced Policy Firewall (APF) or iptables
(D)DoS Deflate
Install instructions:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
After install, the script runs every minute. By default, denied IPs are released after 10 minutes (configurable).
The config file is /usr/local/ddos/ddos.conf
White list file is /usr/local/ddos/ignore.ip.list
The current version of DDOS Deflate is 0.6. I have to make the following changes to get it working.
Fix:
Open script file /usr/local/ddos/ddos.sh
Replace:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
with:
netstat -ntu | grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' | cut -f1 -d ':' | sort | uniq -c | sort -nr
P.S. After install, ddos.sh is added as a cron job: /usr/local/ddos/ddos.sh >/dev/null 2>&1
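Why the replacement pipeline matters, shown as an added example (not part of the original post or of DDoS Deflate itself): both pipelines from the fix above are run over a constructed netstat -ntu sample in which one client appears as an IPv4-mapped IPv6 address (::ffff:a.b.c.d). The function names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed `netstat -ntu` output; addresses come from documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40001 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40002 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40003 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::5:40001       ESTABLISHED
EOF
}

# Pipeline shipped in ddos.sh 0.6 (netstat replaced by stdin).
count_original() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
}

# Replacement pipeline from the fix (netstat replaced by stdin).
count_fixed() {
    grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' \
        | cut -f1 -d ':' | sort | uniq -c | sort -nr
}

# Connections attributed to one address by a pipeline; 0 if it never appears.
# $1 = pipeline function name, $2 = address to look up
count_for() {
    sample_netstat | "$1" | awk -v ip="$2" '$2 == ip {n = $1} END {print n + 0}'
}

# Address with the most connections according to the fixed pipeline.
top_offender() {
    sample_netstat | count_fixed | head -n 1 | awk '{print $2}'
}

echo "original pipeline:"; sample_netstat | count_original
echo "fixed pipeline:";    sample_netstat | count_fixed
echo "mapped client, original: $(count_for count_original 203.0.113.9)"
echo "mapped client, fixed:    $(count_for count_fixed 203.0.113.9)"
```

With the original pipeline the mapped client's three connections are counted under an empty address, so it can never reach the ban threshold, and the header words are counted as if they were peers. The fix handles only the ::ffff: prefix: the native IPv6 peer in the sample is still truncated to its first group (2001) by cut.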
Thanks,
This is a nice script!