Question
Convert IP tables rules into UFW
- Posted on March 5, 2015
- SecurityLoggingLinux BasicsDebian
Asked by msnorm
Hi guys. Can anyone tell me exactly how this rule would translate into UFW:
Outbound UDP Flood protection in a user defined chain.
iptables -N udp-flood iptables -A OUTPUT -p udp -j udp-flood iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: ’ iptables -A udp-flood -j DROP
It is to prevent massive UDP flood attacks on our server. At the moment I have a rule that simply blocks all ports apart from some specific service ports I need open. However, this is too restrictive.
My current rule : -A ufw-after-output -p udp -j DROP
Thanks for any help!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Thank you for the quick response. :)
The floods are not inbound they are outbound which is why I have set a rule to deny all outbound UDP packets. I already have been the target of such attacks and setting the above UFW rule has solved the problem, ie stopped the UDP floods, but because it’s too restrictive it has caused problems with some of the software I run.
First of all I can see a foreign ip port scanning my ip, then many UDP Fragment (1500) from <ip> to <ip> on eth0.
I don’t think cloudflare will help as I don’t run a public website that someone might think to attack.
Any suggestions how I can convert the rate limit rule to a UFW format?
Thanks.