Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:lslb:anti-ddos-firewall [2019/12/05 02:19]
qtwrk
+++ litespeed_wiki:lslb:anti-ddos-firewall [2019/12/05 02:40]
qtwrk
@@ Line 1: / Line 1: @@
-===== How to use firewall together with LiteSpeed ADC for Anti-DDoS. =====
+===== How to use ConfigServer Security Firewall or Iptables together with LiteSpeed ADC for Anti-DDoS. =====
-LiteSpeed ADC Anti-DDoS feature can modify firewall via ''ifconfig'' and ''ipset'' to block suspicious IP(s), this is guide for how to integrate LiteSpeed ADC's Anti-DDoS feature with server firewall (iptables, csf and firewalld)
+LiteSpeed ADC Anti-DDoS feature can modify firewall via ''ifconfig'' and ''ipset'' to block suspicious IP(s), this is guide for how to integrate LiteSpeed ADC's Anti-DDoS feature with server firewall (iptables or csf)
@@ Line 12: / Line 12: @@
 {{ :litespeed_wiki:lslb:adc-anti-ddos1.jpg |}}
-==== Firewalld configuration ====
+==== Iptables configuration ====
-<code>ipset create ls-anti-ddos hash:ip hashsize 4096
+For iptables , run below commands to set up list and rules.
-ipset create ls-quic-ports bitmap:port range 0-65535 -exist</code>
+<code>
+ipset create ls-anti-ddos hash:ip hashsize 4096
+ipset create ls-quic-ports bitmap:port range 0-65535 -exist
+iptables -I INPUT -m set --match-set ls-anti-ddos src -j DROP
+iptables -I FORWARD -m set --match-set ls-anti-ddos src -j DROP
+iptables -I INPUT -p udp -m set --match-set ls-quic-ports dst -j ACCEPT</code>
-==== ConfigServer Security & Firewall and Iptables configuration ====
+==== ConfigServer Security & Firewall configuration ====
 For csf, create file ''/etc/csf/csfpost.sh'' with content:
@@ Line 30: / Line 36: @@
 and then reload it by command ''csf -r''
-for iptables , run above two ''ipset'' commands and three ''iptablets'' commands to create the list and block rule.
 ==== Verify Ipset ====