Today I will post a tutorial on how to block DDoS attacks on your FreeBSD system.
I do not know if this was already posted, I have not tried, the topics are huge, but this works great!
-----------------------------------
First we turn on the firewall by adding the following lines to rc.conf, which is located in /etc/:
Code:
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
Next, put the following rules in /etc/pf.conf, the file that pf_rules points to:
Code:
block in all
pass in quick on lo0
pass out quick on lo0
# Name this file whatever you like; I called it antiddos.
table <bloqueo> persist file "/var/db/antiddos"
block quick from <bloqueo>
# sis0 is the network interface used here; replace it with the name of yours.
pass in quick on sis0 proto tcp from any to any port 22 keep state
pass in quick on sis0 proto tcp from any to any port 80 keep state
pass in quick on sis0 proto tcp from any to any port 3690 keep state
pass out all keep state
Now let's create the "antiddos" file (or whatever name you chose) and give it the following permissions:
Code:
touch /var/db/antiddos
chmod 644 /var/db/antiddos
Next, save the following script as /sbin/bloqueo.pl:
Code:
#!/usr/bin/perl
use strict;
use warnings;

# Collect the source address of every failed SSH probe in auth.log.
my @assholes = ();
open(IN, "<", "/var/log/auth.log") or die "cannot open /var/log/auth.log: $!";
while (<IN>) {
    if ($_ =~ /Invalid user.*from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
        push(@assholes, $1);
    }
    if ($_ =~ /Did not receive identification string from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
        push(@assholes, $1);
    }
}
close(IN);
@assholes = sort { lc($a) cmp lc($b) } @assholes;

# Addresses listed in /var/db/allowed-ips are never blocked.
my @allowedIPs = ();
if (open(IN, "<", "/var/db/allowed-ips")) {
    while (<IN>) {
        if ($_ =~ /([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
            push(@allowedIPs, $1);
        }
    }
    close(IN);
}

# Blank out duplicates, loopback, 192.168.x.x and allowed addresses.
my $tmp = "";
foreach my $asshole (@assholes) {
    if ($asshole eq $tmp) {
        $asshole = "";
    } else {
        $tmp = $asshole;
        if ($asshole eq "127.0.0.1") { $asshole = ""; }
        if ($asshole =~ /^192\.168\.[0-9]+\.[0-9]+$/) { $asshole = ""; }
        foreach my $allowedIP (@allowedIPs) {
            # Exact comparison, so an allowed address cannot match as a substring.
            if ($asshole eq $allowedIP) { $asshole = ""; }
        }
    }
}

# Drop the blanked entries.
@assholes = grep { $_ ne "" } @assholes;

# Add what is left to the pf table; the list form of exec bypasses the shell.
exec("/sbin/pfctl", "-t", "bloqueo", "-T", "add", @assholes) if @assholes;
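Finally, add the following line to /etc/syslog.conf so that syslogd runs the script when auth messages are logged:
Code:
auth.info;authpriv.info | exec /usr/bin/perl /sbin/bloqueo.pl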
I hope you have learned.
Works perfectly.
Source: universojuegos, cybergamers
Credit: DjZed, Rancoroso
Translated by Tiago
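
A dry run of the selection step, as an added example that is not part of the original post: it applies the same two sshd patterns and exclusions to a log file and prints the addresses that would go into <bloqueo>, without calling pfctl. The function names, the sample log lines and the allow-list entry are constructed for illustration, and allow-list entries are compared exactly.

```shell
#!/bin/sh
# Added example: dry run of the blocker's selection step. It prints what would
# be added to <bloqueo> and never calls pfctl.

# candidates LOGFILE ALLOWFILE -> unique offending addresses, one per line
candidates() {
    allow=$2
    [ -r "$allow" ] || allow=/dev/null   # a missing allow list exempts nobody
    awk '
        # Allow list: remember each listed address for an exact comparison.
        FILENAME == ARGV[1] {
            if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
                allowed[substr($0, RSTART, RLENGTH)] = 1
            next
        }
        # The same two sshd messages the Perl script looks for.
        /Invalid user.*from / || /Did not receive identification string from / {
            # Keep the last "from ADDR" on the line, which is what the greedy
            # .* in the Perl regex matches.
            rest = $0; ip = ""
            while (match(rest, /from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
                ip = substr(rest, RSTART + 5, RLENGTH - 5)
                rest = substr(rest, RSTART + RLENGTH)
            }
            if (ip == "" || ip == "127.0.0.1" || ip ~ /^192\.168\./) next
            if (!(ip in allowed)) print ip
        }
    ' "$allow" "$1" | LC_ALL=C sort -u
}

# write_sample DIR: constructed auth.log and allow list (documentation addresses)
write_sample() {
    cat > "$1/auth.log" <<'EOF'
Mar  3 10:01:12 host sshd[811]: Invalid user admin from 203.0.113.7
Mar  3 10:01:15 host sshd[811]: Invalid user test from 203.0.113.7
Mar  3 10:02:40 host sshd[822]: Did not receive identification string from 198.51.100.23
Mar  3 10:03:02 host sshd[830]: Invalid user bob from 192.168.1.50
Mar  3 10:04:19 host sshd[841]: Invalid user alice from 192.0.2.10
Mar  3 10:05:33 host sshd[850]: Invalid user guest from 192.0.2.100
Mar  3 10:06:01 host sshd[861]: Accepted publickey for tiago from 198.51.100.99
EOF
    echo "192.0.2.10" > "$1/allowed-ips"
}

# Demo on the constructed sample.
dir=$(mktemp -d)
write_sample "$dir"
candidates "$dir/auth.log" "$dir/allowed-ips"
rm -rf "$dir"
```

Running it against a copy of the real /var/log/auth.log and /var/db/allowed-ips before enabling the syslog.conf hook shows whether any of your own addresses would be blocked.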