By veeblealb
DOS is the abbreviation of Denial Of Service. It’s an attempt to make the server network resources unavailable to its intend users. We can identify it by checking if there any packet loss on the server simply by using PING. Normally the attack is originated from the same IP address but in some strange situations the attackers may use multiple IPs for DOS. By using the advantages of iptables and or CSF we can simply avoid the DOS attack from external connections. To configure the iptables to prevent DOS you must have a well knowledge in iptables configuration. But, you can simply mange it from the CSF. Here I am comparing the two ways (ie, iptables and CSF) to prevent DOS on Linux servers. How to configure iptables to prevent DOS attack? You must know the following iptables switches to configure the server to prevent from DOS -A : Append -p : Protocol –dport : For ports -m limit : To limit iptables extension –limit 25/minute : Defines maximum of 25 connection per minute. –limit-burst 100 : The limit/minute will be enforced only after the total number of connection have reached the limit-burst level, ie 100 here. -j : Target