Convert IP tables rules into UFW
Hi guys.
Can anyone tell me exactly how this rule would translate into UFW:
Outbound UDP Flood protection in a user defined chain.
iptables -N udp-flood
iptables -A OUTPUT -p udp -j udp-flood
iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN
iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: '
iptables -A udp-flood -j DROP
It is to prevent massive UDP flood attacks on our server. At the moment I have a rule that simply blocks all ports apart from some specific service ports I need open. However, this is too restrictive.
My current rule :
-A ufw-after-output -p udp -j DROP
Thanks for any help!
It is important to note that blocking large UDP floods at your droplet in software will likely not resolve the underlying problems. Your droplet will still need to refuse requests but more importantly, large inbound attacks can result in your droplet's IP address being blackholed to prevent issues for other users on the network. If you believe you will be the target of this type of attack we recommend using a third party service (like CloudFlare for http) to provide DDoS protection.