Blocking all traffic except DDoS Protected IP


As an extra measure of security, it is best to block access to your server from every IP except your assigned Remote DDoS Protection IP, so that DDoS attack traffic aimed directly at the server is dropped.

Open port 22 for your use.

First you want to leave port 22 open so you can access your own server.

iptables -A INPUT -p tcp -i eth0 -s [YOUROWNIP] --dport 22 -j ACCEPT

Drop all other connections

Drop all connections to ports 80, 443 or any other port you use, unless they come from your DDoS IP.

/sbin/iptables -A INPUT -p tcp -i eth0 ! -s [YOURDDOSIP] --dport 80 -j DROP

/sbin/iptables -A INPUT -p tcp -i eth0 ! -s [YOURDDOSIP] --dport 443 -j DROP

/sbin/iptables -A INPUT -p tcp -i eth0 ! -s [YOURDDOSIP] --dport 6554 -j DROP

To edit the iptables configuration:

vi /etc/sysconfig/iptables

Save the file and restart iptables using the service command.

Note: the port 22 SSH allow rule must come before any deny entries.
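The steps above can be collected into one ruleset for /etc/sysconfig/iptables and checked for rule order before it is saved. The script below is an added example, not part of the original article: is_ipv4, gen_rules and ssh_allow_first are hypothetical helper names, the addresses are constructed documentation values, and the output is a complete filter table that would replace, not extend, an existing file.

```shell
#!/bin/sh
# Added example. Addresses are constructed documentation values (RFC 5737);
# the eth0 interface and the port list follow the article.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_rules ADMIN_IP DDOS_IP PORT...: print an iptables-restore ruleset.
# Inputs are validated before anything is printed, so a typo cannot
# produce a half-written file.
gen_rules() {
    admin_ip=$1; ddos_ip=$2; shift 2
    for addr in "$admin_ip" "$ddos_ip"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # SSH allow goes first: the first matching rule wins.
    printf '%s\n' "-A INPUT -p tcp -i eth0 -s $admin_ip --dport 22 -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' \
            "-A INPUT -p tcp -i eth0 ! -s $ddos_ip --dport $port -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# ssh_allow_first: read a ruleset on stdin; succeed only if a port 22
# ACCEPT rule appears before the first DROP rule.
ssh_allow_first() {
    awk '/--dport 22 / && /-j ACCEPT/ { if (!drop) ok = 1 }
         /-j DROP/ { drop = 1 }
         END { exit (ok ? 0 : 1) }'
}

# Demo run with constructed addresses; review the output before saving it.
gen_rules 198.51.100.10 203.0.113.5 80 443 6554
```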

