Our firewall rules

  • July 17, 2021

We have already implemented many good rules for you at the hardware firewall level, such as:

SSH brute-force protection

Protection against port scanning 

Limit new TCP connections per second per source IP

Limit RST packets

Limit connections per source IP

Drop fragments in all chains

Block spoofed packets

Block packets with bogus TCP flags

Drop SYN packets with suspicious MSS value

Drop TCP packets that are new and are not SYN

Drop invalid packets

I also recommend that you run this on your VPS:

/sbin/iptables -t mangle -A PREROUTING -p icmp -j DROP

This stops the VPS from responding to ping and can help during a DDoS attack.
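Because -A appends a new copy of the rule every time it is run, the following added example (not part of the original article) applies the same rule only when it is missing and reads its packet counter to confirm it is matching traffic. The IPT variable, the function names and the script name icmp-drop.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example: apply the article's ICMP drop rule without stacking duplicates.
# IPT is a variable introduced by this example so the binary can be overridden.
IPT="${IPT:-/sbin/iptables}"

# Exit status 0 if the exact rule is already in mangle/PREROUTING.
# -C (check) only tests for the rule and changes nothing.
icmp_drop_present() {
    "$IPT" -t mangle -C PREROUTING -p icmp -j DROP 2>/dev/null
}

# Append the rule only when it is missing; prints "present" or "added".
ensure_icmp_drop() {
    if icmp_drop_present; then
        echo "present"
    else
        "$IPT" -t mangle -A PREROUTING -p icmp -j DROP || return 1
        echo "added"
    fi
}

# Print the rule's packet counter ("none" if the rule is not listed).
# The prot column is accepted as the name "icmp" or as protocol number 1.
icmp_drop_packets() {
    "$IPT" -t mangle -L PREROUTING -v -n -x |
        awk '$3 == "DROP" && ($4 == "icmp" || $4 == "1") && NF == 9 {
                 print $1; found = 1; exit
             }
             END { if (!found) print "none" }'
}

# Run as: sh icmp-drop.sh apply   (hypothetical file name; needs root)
if [ "${1:-}" = "apply" ]; then
    ensure_icmp_drop && echo "ICMP packets dropped so far: $(icmp_drop_packets)"
fi
```

The rule covers IPv4 only and is lost on reboot unless it is saved. Note that -p icmp matches every ICMP type, including the destination-unreachable messages used for path MTU discovery, not only ping requests.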
