The goal is to keep your web server “responsive” to legitimate traffic, but to throttle back on excessive (potential DOS) traffic.
In this demonstration iptables is configured :
The default policy is ACCEPT (to prevent lockout in the event of flushing the rules with iptables -F).
“Legitimate” traffic is then allowed. In this example I am allowing traffic only on port 80.
All other traffic is then blocked at the end of the INPUT chain (the final rule in the INPUT chain is to DROP all traffic).
The rules I will demonstrate are as follows:
First rule : Limit NEW traffic on port 80
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
Lets break that rule down into intelligible chunks.