|
|
@@ -689,34 +689,34 @@ iptables -A INPUT -p udp --match multiport --dports 465,22,5222,5223,5269,5280,5
|
|
689
|
689
|
iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
690
|
690
|
|
|
691
|
691
|
# Limit web connections
|
|
692
|
|
-iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
693
|
|
-iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
692
|
+iptables -A INPUT -p tcp --dport 80 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
|
693
|
+iptables -A INPUT -p tcp --dport 443 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
694
|
694
|
|
|
695
|
695
|
# Limit number of XMPP connections
|
|
696
|
|
-iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
696
|
+iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
697
|
697
|
|
|
698
|
698
|
# Limit IRC connections
|
|
699
|
|
-iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
699
|
+iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
700
|
700
|
|
|
701
|
701
|
# Limit gopher connections
|
|
702
|
|
-iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
702
|
+iptables -A INPUT -p tcp --dport 70 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
703
|
703
|
|
|
704
|
704
|
# Limit IMAP connections
|
|
705
|
|
-iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
706
|
|
-iptables -A INPUT -p tcp --dport 993 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
705
|
+iptables -A INPUT -p tcp --dport 143 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
|
706
|
+iptables -A INPUT -p tcp --dport 993 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
707
|
707
|
|
|
708
|
708
|
# Limit SIP connections
|
|
709
|
|
-iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
709
|
+iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
710
|
710
|
|
|
711
|
711
|
# Limit SMTP/SMTPS connections
|
|
712
|
712
|
iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
713
|
713
|
iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
714
|
714
|
|
|
715
|
715
|
# Limit Bitmessage connections
|
|
716
|
|
-iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
716
|
+iptables -A INPUT -p tcp --dport 8444 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
717
|
717
|
|
|
718
|
718
|
# Limit Convergence notary
|
|
719
|
|
-iptables -A INPUT -p tcp --dport 8432:8433 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
|
|
|
719
|
+iptables -A INPUT -p tcp --dport 8432:8433 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
720
|
720
|
|
|
721
|
721
|
# Limit the number of incoming tcp connections
|
|
722
|
722
|
# Interface 0 incoming syn-flood protection
|
|
|
@@ -1657,6 +1657,13 @@ Search for MaxClients and replace the value with 6. As an example the settings s
|
|
1657
|
1657
|
</IfModule>
|
|
1658
|
1658
|
#+END_SRC
|
|
1659
|
1659
|
|
|
|
1660
|
+Also append the following:
|
|
|
1661
|
+
|
|
|
1662
|
+#+BEGIN_SRC: bash
|
|
|
1663
|
+ServerSignature Off
|
|
|
1664
|
+ServerTokens Prod
|
|
|
1665
|
+#+END_SRC
|
|
|
1666
|
+
|
|
1660
|
1667
|
Then save and exit In the examples below replace /mydomainname.com/ with your own domain name.
|
|
1661
|
1668
|
|
|
1662
|
1669
|
#+BEGIN_SRC: bash
|
Bob Mottram
11 years ago