Configure UFW (Linux firewall) to limit DoS attacks
Install ufw : sudo apt-get install ufw
Allow ssh : sudo ufw allow ssh
Open config file : sudo nano /etc/ufw/before.rules
# Add these lines before the COMMIT line at the end of the file.
# Each pair of rules uses its own --name list; rules sharing one list would count every hit more than once.
# Drop when 20 new connections are made in 10 seconds
-A ufw-before-input -p tcp --dport 80 -m state --state NEW -m recent --name http_conn --set
-A ufw-before-input -p tcp --dport 80 -m state --state NEW -m recent --name http_conn --update --seconds 10 --hitcount 20 -j DROP
-A ufw-before-input -p tcp --dport 443 -m state --state NEW -m recent --name https_conn --set
-A ufw-before-input -p tcp --dport 443 -m state --state NEW -m recent --name https_conn --update --seconds 10 --hitcount 20 -j DROP
# Drop when more than 20 packets are requested in 1 second
-A ufw-before-input -p tcp --dport 80 -m recent --name http_pkt --set
-A ufw-before-input -p tcp --dport 80 -m recent --name http_pkt --update --seconds 1 --hitcount 20 -j DROP
-A ufw-before-input -p tcp --dport 443 -m recent --name https_pkt --set
-A ufw-before-input -p tcp --dport 443 -m recent --name https_pkt --update --seconds 1 --hitcount 20 -j DROP
# Accept whatever passed the limits. ACCEPT ends rule processing for a packet,
# so these two lines must come after the DROP rules, not before them.
-A ufw-before-input -p tcp --dport 80 -j ACCEPT
-A ufw-before-input -p tcp --dport 443 -j ACCEPT
Now enable ufw : sudo ufw enable
This will block traffic if 20 connections are made in 10 seconds, or if more than 20 packets are requested in 1 second.
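Rule order and list names decide whether these limits ever fire, so it is worth checking the file before enabling ufw. The following is an added example, not part of the original page: a shell function (the name check_rate_limits and the sample rules are assumptions made for illustration) that flags a rate-limit DROP placed after a plain ACCEPT for the same port, and a recent list fed by more than one --set rule.

```shell
#!/bin/sh
# Added example: lint iptables-restore style rules for two mistakes that
# weaken "-m recent" rate limits. Reads the named file, or stdin if none.
# Typical use: check_rate_limits /etc/ufw/before.rules
check_rate_limits() {
    awk '
    /^\*/ { table = $1; next }          # start of a table section, e.g. *filter
    /^-A / {
        port = ""; list = "DEFAULT"     # the recent match uses list DEFAULT when --name is absent
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--name")  list = $(i + 1)
        }
        if (port == "") next
        key = table " " $2 " " port     # same table, chain and destination port
        recent = ($0 ~ /-m recent/)
        # ACCEPT is terminating: a later DROP for the same port is never evaluated.
        if (recent && $0 ~ /-j DROP/ && (key in accept_line)) {
            printf "line %d: DROP on port %s never runs, ACCEPT on line %d matches first\n", NR, port, accept_line[key]
            bad = 1
        }
        # Every --set adds a hit, so two --set rules on one list inflate the count.
        if (recent && $0 ~ /--set/) {
            if (list in set_line) {
                printf "line %d: list %s is already fed by line %d, hits are counted together\n", NR, list, set_line[list]
                bad = 1
            } else set_line[list] = NR
        }
        # An ACCEPT with no -m match accepts every packet to that port.
        if ($0 ~ /-j ACCEPT/ && $0 !~ / -m / && !(key in accept_line)) accept_line[key] = NR
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample input (not from a real host): ACCEPT first, one shared list.
sample_rules() {
    cat <<'EOF'
*filter
-A ufw-before-input -p tcp --dport 80 -j ACCEPT
-A ufw-before-input -p tcp --dport 80 -m state --state NEW -m recent --set
-A ufw-before-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 10 --hitcount 20 -j DROP
-A ufw-before-input -p tcp --dport 80 -m recent --set
-A ufw-before-input -p tcp --dport 80 -m recent --update --seconds 1 --hitcount 20 -j DROP
COMMIT
EOF
}

sample_rules | check_rate_limits || echo "sample rules need fixing"
```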
### Add these lines after *filter near the beginning of the file:
:ufw-http - [0:0]
:ufw-http-logdrop - [0:0]