#!/bin/bash
# Script function : auto no ddos.
# Script version : 1.0
# Author : yoo@yoo.hk
# Made : 2013.09.27
# Support : Only CentOS 6.0+

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
LANG=C

export PATH
export LANG

yum install -y iptables >/dev/null 2>&1 &
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 4399,53,12345,80 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type ping -j LOG
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type ping -j DROP
#iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
#iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
#iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
service iptables save >/dev/null 2>&1 &
service iptables restart >/dev/null 2>&1 &