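# FLOOD_CHECK: per-source packet-rate check for inbound IPv4 traffic.
# Sources under the rate RETURN to INPUT; the excess is logged and dropped.
# (iptables covers IPv4 only, and these rules are not persistent by themselves.)
sudo iptables -N FLOOD_CHECK

# Loopback is local traffic: never count, log or drop it here.
sudo iptables -A FLOOD_CHECK -i lo -j RETURN

# hashlimit keeps one bucket per source address (--hashlimit-mode srcip).
# The plain "limit" match is a single bucket shared by all senders, so once
# the total rate was exceeded any host's packet could be logged and then
# banned by fail2ban, whether or not that host caused the load.
sudo iptables -A FLOOD_CHECK -m hashlimit --hashlimit-name flood_check \
  --hashlimit-mode srcip --hashlimit-upto 1000/sec --hashlimit-burst 5000 \
  -j RETURN

# Throttle logging to one line per source per minute: an unthrottled LOG rule
# writes a kernel log line for every dropped packet and can fill the disk
# during the very event it is meant to record. The prefix is what the
# fail2ban filter matches on, so it must stay byte-identical.
sudo iptables -A FLOOD_CHECK -m hashlimit --hashlimit-name flood_log \
  --hashlimit-mode srcip --hashlimit-upto 1/min --hashlimit-burst 1 \
  -j LOG --log-prefix "IP FLOOD DETECTED: "

# Everything that reached this point exceeded its per-source rate.
sudo iptables -A FLOOD_CHECK -j DROP

# -I inserts the jump as the first INPUT rule, so the check runs before any
# existing accept rules (including ESTABLISHED,RELATED, if present).
sudo iptables -I INPUT -j FLOOD_CHECK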
# Create the fail2ban filter file; the [Definition] section is its content.
sudo nano /etc/fail2ban/filter.d/ip-flood.conf
[Definition]
# Matches log lines containing the iptables LOG prefix "IP FLOOD DETECTED: "
# and takes the packet's SRC= field as the host to ban.
# NOTE(review): the leading and trailing ".*" make this a loose match; it
# relies on the prefix text appearing only in lines written by that LOG rule.
failregex = ^.*IP FLOOD DETECTED: .*SRC=<HOST>.*
# Empty: no matching line is excluded.
ignoreregex =
# Create the fail2ban jail file; the [ip-flood] section is its content.
sudo nano /etc/fail2ban/jail.d/ip-flood.conf
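[ip-flood]
enabled = true
filter = ip-flood
# File the kernel LOG lines are read from.
# NOTE(review): assumes a syslog daemon writes /var/log/kern.log on this host;
# confirm, since journal-only systems do not have this file.
logpath = /var/log/kern.log
findtime = 60
# One matching line (maxretry = 1) bans the address for 24 hours. The SRC
# field of a logged packet is not authenticated, so a single line is weak
# evidence; keep every host that must stay reachable in ignoreip.
bantime = 86400
maxretry = 1
# "route" bans by adding a blocking route for the address, which stops
# replies to it. Inbound packets from it are still received and are only
# filtered by the firewall rules.
action = route
# An empty list lets loopback and management hosts be banned, and a route ban
# on 127.0.0.1 would break local services. Append trusted networks here,
# e.g. <ADMIN_NETWORK_CIDR> (placeholder).
ignoreip = 127.0.0.1/8 ::1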
# Restart fail2ban so it loads the new filter and jail files. Afterwards,
# `sudo fail2ban-client status ip-flood` shows whether the jail is running,
# and `fail2ban-regex /var/log/kern.log /etc/fail2ban/filter.d/ip-flood.conf`
# checks the filter against real log lines.
sudo systemctl restart fail2ban