
Convert IP tables rules into UFW

Posted on March 5, 2015

Hi guys. Can anyone tell me exactly how this rule would translate into UFW:

Outbound UDP Flood protection in a user defined chain.

    iptables -N udp-flood
    iptables -A OUTPUT -p udp -j udp-flood
    iptables -A udp-flood -p udp -m limit --limit 50/s -j RETURN
    iptables -A udp-flood -j LOG --log-level 4 --log-prefix 'UDP-flood attempt: '
    iptables -A udp-flood -j DROP

It is to prevent massive UDP flood attacks on our server. At the moment I have a rule that simply blocks all ports apart from some specific service ports I need open. However, this is too restrictive.

My current rule:

    -A ufw-after-output -p udp -j DROP

Thanks for any help!




Thank you for the quick response. :)

The floods are not inbound, they are outbound, which is why I have set a rule to deny all outbound UDP packets. I have already been the target of such attacks, and setting the above UFW rule has solved the problem, i.e. stopped the UDP floods, but because it's too restrictive it has caused problems with some of the software I run.

First of all I can see a foreign IP port scanning my IP, then many UDP Fragment (1500) from <ip> to <ip> on eth0.

I don't think Cloudflare will help, as I don't run a public website that someone might think to attack.

Any suggestions how I can convert the rate limit rule to a UFW format?

Thanks.

Heya,

Translating custom iptables rules into UFW (Uncomplicated Firewall) configuration can be challenging because UFW is designed to simplify firewall configuration and doesn’t natively support complex rule sets, especially ones involving custom chains like your UDP flood protection setup. However, you can integrate custom iptables rules with UFW by adding them to UFW’s user rules files.

Here’s how you can adapt your iptables rules for UDP flood protection to work alongside UFW on your server:

  1. Create the Custom Chain and Rules in iptables:

    • First, you'll need to create a custom chain (udp-flood) and add the necessary rules to manage the UDP traffic.
    • You can use your existing iptables rules for this purpose.

  2. Integrate with UFW:

    • UFW uses several files to store its rules, located in /etc/ufw/. The files before.rules and after.rules are particularly useful for adding custom iptables rules.
    • Since you're dealing with outbound (OUTPUT) rules, you should add your custom iptables rules to the after.rules file.

  3. Editing the UFW Rules File:

    • Open the /etc/ufw/after.rules file with a text editor (like nano or vim):

        sudo nano /etc/ufw/after.rules

    • At the end of this file, before the COMMIT line, add your custom iptables rules. It will look something like this:

        *filter
        :udp-flood - [0:0]
        -A OUTPUT -p udp -j udp-flood
        -A udp-flood -p udp -m limit --limit 50/s -j RETURN
        -A udp-flood -j LOG --log-prefix "UDP-flood attempt: "
        -A udp-flood -j DROP
        COMMIT

    • Make sure to place these rules in the correct section of the file and preserve the formatting.

  4. Reload UFW:

    • After saving the changes, reload UFW to apply the new rules:

        sudo ufw reload
