Dropping simultaneous connections at the kernel level

Picked up various iptables rules for handling bots hammering my websites (borrowed from https://wiki.archlinux.org/index.php/Iptables#Logging).

Set up a logchain for logging dropped packets

Create the logchain:

# iptables -N logdrop

And add the following rules to the newly created chain:

# iptables -A logdrop -m limit --limit 5/m --limit-burst 10 -j LOG
# iptables -A logdrop -j DROP

View dropped packets

# journalctl -k | grep "IN=.*OUT=.*" | less
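A small parser for the LOG-target lines that the journalctl command above surfaces, added here as an example and not part of the original notes: it applies the same IN=/OUT= selection as the grep, splits each line into its KEY=value fields and tallies logged packets per source, protocol and destination port. The kernel log text is a constructed sample using documentation address ranges; note that the rate rule further down ends in -j DROP rather than -j logdrop, so only traffic sent through the logdrop chain ever shows up here.

```python
import re
from collections import Counter

# Constructed sample of "journalctl -k" output: four lines from the iptables LOG target
# (three TCP, one UDP) plus one unrelated kernel message. Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 10 12:00:01 web kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1001 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:01 web kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:02 web kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=2001 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 12:00:03 web kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1003 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:04 web kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
Mar 10 12:00:05 web kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.200 DST=198.51.100.7 LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=3001 PROTO=UDP SPT=53 DPT=53 LEN=8
"""

# Same selection the page's grep applies: a kernel line carrying IN=... OUT=...
LOG_TARGET = re.compile(r"kernel: (?P<fields>IN=\S* OUT=\S* .*)$")
# KEY=value tokens; bare flag words such as DF or SYN carry no "=" and are skipped
KEY_VALUE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=value fields of one LOG-target line, or None for other kernel messages.

    For UDP the kernel prints LEN= twice (IP and UDP length); the later value wins here,
    which does not matter because this tool only keys on SRC, PROTO and DPT.
    """
    match = LOG_TARGET.search(line)
    if match is None:
        return None
    return dict(KEY_VALUE.findall(match.group("fields")))


def summarize_drops(log_text, min_hits=2):
    """Count logged packets per (SRC, PROTO, DPT) and keep sources at or above min_hits.

    The LOG rule on the page is itself rate limited (--limit 5/m --limit-burst 10), so these
    counts are a lower bound on what the chain actually dropped.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is None:
            continue
        hits[(fields.get("SRC"), fields.get("PROTO"), fields.get("DPT"))] += 1
    return {key: count for key, count in hits.items() if count >= min_hits}


if __name__ == "__main__":
    for (src, proto, dport), count in sorted(summarize_drops(SAMPLE_LOG).items()):
        print(f"{src:>16} {proto:<4} dport {dport:<5} {count} logged packets")
```

On a live host, feed it the real output instead of the sample, e.g. `journalctl -k --no-pager` piped into `summarize_drops`.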

Drop connections from a source that makes multiple hits within 60 seconds

I don't remember where I found this bit of information, but if I can find the link again I'll make sure to update this page.

# /sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
# /sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j DROP

Additional reading