How to block all connections on all ports using iptables?

MaxIT

12/9/23, 8:37 AM

I am trying to protect myself from ddos and limiting all users with more then 5 connection request to connect to my server. I am trying to use this one, but it is not working, it actually blocks even 1 connection to most of the users:

iptables -A INPUT -p udp --dport 0:65535 -m connlimit --connlimit-above 5 -j REJECT

If I do same command but just on 1 port, it works on that port and connections are limited

iptables -A INPUT -p udp --dport 80 -m connlimit --connlimit-above 5 -j REJECT

where do I make a mistake when i select all ports?

0 + 4

iptables

18.04

dummyuser

12/9/23, 9:06 AM

does this anwer your question [UDP conn limits](https://serverfault.com/questions/375616/limit-udp-connections-per-ip-iptables) ?

pa4080

12/9/23, 9:16 AM

Hello, mitigating DDoS is not so easy... You know, the first *D* means distributed, which on other hand means multiple IPs... So I would suggest you to spend few hours with this great article: [DDoS Protection With IPtables: The Ultimate Guide](https://javapipe.com/blog/iptables-ddos-protection/). Here is a quotation from the guide: *You’ll find that most if not all guides on how to block DDoS attacks using iptables use the filter table and the INPUT chain for anti-DDoS rules. The issue with this approach is that the INPUT chain is only processed after the PREROUTING and FORWARD chains....*

MaxIT

12/9/23, 12:00 PM

thanks, but still did not figure it out, as i said when i add only 1 port in dport, then it works blocking on that port, but when i add port range then to some client it does not allow even 1 connection to connect

Doug Smythies

12/9/23, 10:59 PM

I doubt if it'll make any difference, but try deleting the port stuff entirely, which then implies all ports. So: `iptables -A INPUT -p udp -m connlimit --connlimit-above 5 -j REJECT`. With all your questions, you need to follow up on them and indicate if answers or comments helped or not, and if not why not. For this question I suggest you add some example information, as I am not convinced your issues are what you say they are.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to block all connections on all ports using iptables?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.