auto.black.hole.sh

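# Dedicated chain that rate-checks inbound IPv4 packets per source address.
# (ip6tables is a separate ruleset; IPv6 traffic is not covered by these rules.)
sudo iptables -N FLOOD_CHECK

# Per-source budget: a sender that stays under 1000 packets/sec (burst 5000)
# returns to INPUT untouched. hashlimit keeps one bucket per source address;
# a single shared "-m limit" bucket would drop and log whichever packets arrive
# once the aggregate rate is exceeded, including well-behaved clients, and every
# logged source would then be banned by the fail2ban jail.
sudo iptables -A FLOOD_CHECK -m hashlimit --hashlimit-name flood_check \
  --hashlimit-mode srcip --hashlimit-upto 1000/sec --hashlimit-burst 5000 -j RETURN

# Log at most one line per offending source per minute. An unbounded LOG rule
# writes one kernel log line per dropped packet, so the flood itself would fill
# the log and load the log reader. The prefix must stay byte-identical to the
# string in the fail2ban failregex.
sudo iptables -A FLOOD_CHECK -m hashlimit --hashlimit-name flood_log \
  --hashlimit-mode srcip --hashlimit-upto 1/minute --hashlimit-burst 1 \
  -j LOG --log-prefix "IP FLOOD DETECTED: "

# Everything over budget is dropped, whether or not it was logged.
sudo iptables -A FLOOD_CHECK -j DROP

# Hook the chain at the top of INPUT, skipping loopback so local
# inter-process traffic can never be rate-dropped or reported as a flood.
sudo iptables -I INPUT ! -i lo -j FLOOD_CHECK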

# Create the fail2ban filter definition; paste the [Definition] section below into it.
# The file is root-owned configuration, hence sudo.
sudo nano /etc/fail2ban/filter.d/ip-flood.conf

[Definition]
# Matches log lines that carry the iptables LOG prefix "IP FLOOD DETECTED: "
# and takes the packet's SRC= field as the host to ban.
# The prefix text must stay byte-identical to the --log-prefix value used in the
# FLOOD_CHECK chain, otherwise nothing will ever match.
# NOTE(review): SRC= comes straight from the packet header; for traffic without a
# completed handshake it is not proof of who sent the packet.
failregex = ^.*IP FLOOD DETECTED: .*SRC=<HOST>.*
# No lines are excluded from matching.
ignoreregex =

# Create the jail that ties the ip-flood filter to a log file and a ban action;
# paste the [ip-flood] section below into it.
sudo nano /etc/fail2ban/jail.d/ip-flood.conf

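[ip-flood]
# Jail that bans any address reported in an "IP FLOOD DETECTED: " log line.
enabled = true
filter = ip-flood
# File the filter is applied to. This assumes a syslog daemon writes kernel
# messages to this path; confirm on your distribution.
logpath = /var/log/kern.log
# Matches are counted over a 60-second window; a ban lasts 86400 s (24 hours).
findtime = 60
bantime = 86400
# A single matching log line is enough to ban. The banned address is the
# packet's SRC= field, which is not authenticated for connectionless traffic,
# so a forged source can get an uninvolved host banned. Keep ignoreip populated
# and review bans before raising bantime further.
maxretry = 1
# Bans are applied with fail2ban's "route" action (a blocking route for the
# address) rather than with a firewall rule.
action = route
# Addresses that must never be banned. An empty value leaves even loopback
# bannable. Append the hosts this machine depends on, space-separated:
# management workstation, default gateway, DNS resolvers, monitoring,
# e.g. <ADMIN_IP_OR_CIDR> (placeholder).
ignoreip = 127.0.0.1/8 ::1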

# Restart fail2ban so the new filter and jail are loaded.
# Afterwards, `sudo fail2ban-client status ip-flood` shows whether the jail is
# active and which addresses are currently banned.
sudo systemctl restart fail2ban
