New NTP DDoS target hack

master
bbruns 2014-02-16 20:05:33 +00:00
parent a53a37914a
commit 5389735855
1 changed files with 1 additions and 1 deletions


@ -163,7 +163,7 @@ function apply_ipv4_hack {
# Rate limit NTP DDOS UDP traffic using rules provided on the nanog list by
# pashdown@xmission.com
$IPTABLES -N NTP
$IPTABLES -I 1 BLACKHOLE -m recent --set --name ntpv4blackhole --rsource
$IPTABLES -I BLACKHOLE 1 -m recent --set --name ntpv4blackhole --rsource
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 20 --name \
ntpv4 --rsource -j BLACKHOLE
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 2 --name \
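Review bot: Nothing visible in this hunk checks the exit status of `$IPTABLES`, which is presumably how a malformed `-I 1 BLACKHOLE` call could sit in `apply_ipv4_hack` without the load failing; a guard such as `$IPTABLES -I BLACKHOLE 1 -m recent --set --name ntpv4blackhole --rsource || return 1` would make a rejected rule visible. The rule also has no `-p udp` match and no `-j` target, so it records the source of every packet that reaches BLACKHOLE, not only NTP traffic; a comment such as `# tag every blackholed source first; no target, so the packet continues to the chain's later rules` would state that intent. Because NTP runs over UDP and sources can be spoofed, and xt_recent keeps only `ip_list_tot` addresses per list (100 by default), `ntpv4blackhole` can churn under a wide attack, so the limit may need raising when the module is loaded. The function begins and ends outside the hunk, and BLACKHOLE is not created in the lines shown, so its existence before this insert should be confirmed.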