Repel Port Floods with CSF and IPT_Recent

by Linux Killer on January 31, 2013

Protect the server from flood attacks using the Port Flood Protection feature of the CSF firewall. Once the necessary settings are in place, you can set the number of connections that each IP address is allowed to make to the server at the same time.

So how is a flood attack carried out?
Logically, flood attacks come in two forms:
the first goes through a single specific connection;
the second goes through multiple connections, each of which connects to the server.

To use this feature you need:

  1. The latest version of the CSF firewall installed
  2. iptables (IPT) enabled and working properly
  3. The ipt_recent module for iptables


The settings are made by editing the CSF configuration file, which is located at the following path:

root@server:$ nano /etc/csf/csf.conf

Press CTRL + W and search for PORTFLOOD. By default the line looks as follows:


Put the settings you want inside the quotation marks (" "), as in the following example:

PORTFLOOD = "80;tcp;20;10"

80 is the port, tcp is the protocol, 20 is the number of connections allowed at the same time, and 10 is the length of the temporary pause: after 10 seconds the IP is allowed to make new connections.

Important note: ipt_recent can count 20 packets for each address, so you can only set the number of connections from 1 to 20.

Is it possible to add more than one port? Yes, as follows (just an example):

PORTFLOOD = "22;tcp;10;200,21;tcp;15;100,80;tcp;20;5"

Note that each new port entry is separated from the previous one by a comma (,).

The previous example covers more than one port: 22, 21 and 80. You can add more ports, change the number of connections, and change the protocol type, for example from TCP to UDP. When you have finished editing, save the file: CTRL + X, Y, and then the Enter button.

Finally, do not forget to restart CSF with the following command:

root@server:$ csf -r
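
Before restarting, the value can be checked against the rules given above: four fields per entry, a comma between entries, and a connection count from 1 to 20. The shell function below is an added example, not part of the original post or of CSF; the names check_portflood and is_uint are made up for this illustration, and the port range and lowercase tcp/udp checks are assumptions.

```shell
#!/bin/sh
# Added example, not part of CSF: sanity-check a PORTFLOOD value before "csf -r".
# Entry format as described in the article: port;protocol;connections;seconds

# True if $1 is a non-empty string of digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# check_portflood VALUE
# Prints one message per bad entry; exit status 0 only if every entry is valid.
# The body runs in a subshell so the IFS and globbing changes do not leak out.
check_portflood() (
    bad=0
    set -f          # no filename expansion while splitting
    IFS=,           # entries are separated by commas
    for entry in $1; do
        # Fields inside one entry are separated by semicolons.
        IFS=';' read -r port proto hits secs extra <<EOF
$entry
EOF
        err=
        if [ -n "$extra" ] || [ -z "$secs" ]; then
            err="expected 4 fields (port;protocol;connections;seconds)"
        elif ! is_uint "$port" || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            err="port must be 1-65535"       # assumed valid port range
        elif [ "$proto" != tcp ] && [ "$proto" != udp ]; then
            err="protocol must be tcp or udp" # lowercase, as in the article
        elif ! is_uint "$hits" || [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
            # ipt_recent counts only 20 packets per address (see the note above)
            err="connections must be 1-20"
        elif ! is_uint "$secs" || [ "$secs" -lt 1 ]; then
            err="seconds must be a positive integer"
        fi
        if [ -n "$err" ]; then
            echo "PORTFLOOD entry '$entry': $err"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# The multi-port value from the article passes the check.
check_portflood '22;tcp;10;200,21;tcp;15;100,80;tcp;20;5' && echo "article example: OK"
```

A value such as "80;tcp;25;10" is rejected with the message that connections must be 1-20.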

Thank you.


Alejandro January 31, 2013 at 12:48 pm

I have a question: aren't 20 connections at the same time many connections for a unique IP?



Linux Killer January 31, 2013 at 1:58 pm

20 is the number of connections allowed at the same time

