
Free Tool

iptables DDoS Protection Rule Generator

Generate battle-tested iptables rules for Linux DDoS mitigation. Select the protections you need, customize rate limits, and get ready-to-use rules with detailed comments.

Protections

SYN Flood Protection: limits new TCP connections per second (configurable limit per second, per source IP)
UDP Flood Protection: rate limits UDP packets per source IP (configurable limit per second, per source IP)
ICMP Rate Limiting: prevents ping floods and ICMP abuse (configurable limit per second)
Connection Limiting: caps concurrent connections per source IP (configurable maximum connections per IP)
Invalid Packet Dropping: drops malformed packets and invalid TCP states
Port Scan Protection: detects and blocks port scanning attempts
Bogon Filtering: blocks traffic from reserved/private IP ranges
Warning: Always test firewall rules in a staging environment before applying them to production. Incorrect iptables rules can lock you out of your server, so keep a console or other out-of-band access method available. During testing, consider scheduling a cron job that runs iptables-restore with a known-good ruleset to auto-revert your changes after 5 minutes.

What These Rules Do

SYN Flood Protection

Limits the rate of new TCP connection attempts (SYN packets) per source IP. SYN floods exhaust server connection tables by sending thousands of half-open connections. The hashlimit module tracks per-IP rates efficiently.

UDP Flood Protection

Rate limits UDP packets per source IP. UDP has no handshake, so floods are stateless and can easily saturate bandwidth; they are common in amplification attacks (DNS, NTP, memcached). These rules limit the packet rate from any single source. Note that a host-level rule can only discard packets that have already crossed your link: once the uplink itself is saturated, mitigation has to happen upstream.

ICMP Rate Limiting

Restricts ICMP (ping) packets to a reasonable rate. Prevents ping floods while still allowing legitimate network diagnostics. Smurf attacks use ICMP amplification to overwhelm targets.

Connection Limiting

Caps the number of simultaneous connections from a single IP address. Prevents resource exhaustion from slowloris-style attacks or botnets opening many connections from each host.

Invalid Packet Dropping

Drops packets with invalid TCP flag combinations (XMAS, NULL scans) and packets that don't match any known connection state. These are commonly used in reconnaissance and evasion attempts.

Port Scan Protection

Detects hosts that probe multiple ports in a short time window and temporarily blocks them. Attackers scan for open ports before launching targeted attacks.

Bogon Filtering

Blocks traffic from IP ranges that should never appear on the public internet (RFC 1918 private ranges, loopback, etc.). Spoofed source IPs from these ranges indicate malicious traffic. Apply these rules on the internet-facing interface only, since private ranges are legitimate on internal interfaces and loopback.
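The seven protections above, as one added shell generator (example code written for this page, not the page's tool or Flowtriq's own output). It prints an INPUT ruleset in the order the rules depend on each other (established traffic first, then invalid and bogon drops, scan blocking, rate limits, allowed services, and a final logged drop) and applies nothing itself. All limits, the WAN interface name eth0, the open-port list 22 80 443, the bogon list and the log prefix are constructed defaults, so override them from the environment.

```shell
#!/bin/sh
# Added example (not the page's generator): prints an iptables INPUT ruleset for the
# seven protections described on the page. It only PRINTS commands; review the output,
# then run it as root. Every limit, interface name and port list is a constructed
# default (an assumption), overridable from the environment.

PROTECTIONS="${PROTECTIONS:-invalid bogon portscan icmp syn udp connlimit}"
WAN_IF="${WAN_IF:-eth0}"                        # interface facing the public internet (assumed)
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-22 80 443}"   # services this host offers (assumed)
SYN_LIMIT="${SYN_LIMIT:-20}";  SYN_BURST="${SYN_BURST:-40}"    # new TCP conns/sec per source IP
UDP_LIMIT="${UDP_LIMIT:-100}"; UDP_BURST="${UDP_BURST:-200}"   # UDP packets/sec per source IP
ICMP_LIMIT="${ICMP_LIMIT:-5}"                   # echo-requests/sec, host-wide
CONN_MAX="${CONN_MAX:-50}"                      # concurrent TCP connections per source IP
SCAN_HITS="${SCAN_HITS:-10}"; SCAN_SECONDS="${SCAN_SECONDS:-60}"  # closed-port probes per window
LOG_PREFIX="${LOG_PREFIX:-IPT-DROP }"

emit() { printf '%s\n' "$*"; }
enabled() { case " $PROTECTIONS " in *" $1 "*) return 0 ;; esac; return 1; }

gen_base() {
    emit "# Loopback and conntrack-established traffic first: most packets leave the chain here"
    emit "iptables -A INPUT -i lo -j ACCEPT"
    emit "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}
gen_invalid() {
    emit "# Invalid packet dropping: unknown conntrack state, NULL/XMAS and contradictory flag sets"
    emit "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    for flags in "ALL NONE" "ALL ALL" "ALL FIN,PSH,URG" "SYN,RST SYN,RST" "SYN,FIN SYN,FIN"; do
        emit "iptables -A INPUT -p tcp --tcp-flags $flags -j DROP"
    done
}
gen_bogon() {
    emit "# Bogon filtering on the WAN interface only (private ranges are legitimate on the LAN side)"
    for net in 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 \
               192.0.2.0/24 192.168.0.0/16 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4; do
        emit "iptables -A INPUT -i $WAN_IF -s $net -j DROP"
    done
}
gen_portscan() {
    emit "# Port scan protection: a source with SCAN_HITS probes to closed ports within SCAN_SECONDS is dropped"
    emit "iptables -A INPUT -m recent --name portscan --update --seconds $SCAN_SECONDS --hitcount $SCAN_HITS -j DROP"
}
gen_icmp() {
    emit "# ICMP rate limiting: bounded echo-request rate, the excess dropped (diagnostics keep working)"
    emit "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit ${ICMP_LIMIT}/second --limit-burst 10 -j ACCEPT"
    emit "iptables -A INPUT -p icmp --icmp-type echo-request -j DROP"
}
gen_syn() {
    emit "# SYN flood protection: hashlimit keyed on source IP drops SYNs above the per-IP rate"
    emit "iptables -A INPUT -p tcp --syn -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-above ${SYN_LIMIT}/second --hashlimit-burst $SYN_BURST -j DROP"
}
gen_udp() {
    emit "# UDP flood protection: same per-source hashlimit for UDP, which has no handshake for conntrack"
    emit "iptables -A INPUT -p udp -m hashlimit --hashlimit-name udpflood --hashlimit-mode srcip --hashlimit-above ${UDP_LIMIT}/second --hashlimit-burst $UDP_BURST -j DROP"
}
gen_connlimit() {
    emit "# Connection limiting: cap concurrent TCP connections per /32 source (slowloris, botnet hosts)"
    emit "iptables -A INPUT -p tcp --syn -m connlimit --connlimit-above $CONN_MAX --connlimit-mask 32 -j DROP"
}
gen_services() {
    emit "# Services this host actually offers"
    for port in $OPEN_TCP_PORTS; do
        emit "iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}
gen_tail() {
    emit "# Everything else: remember the probing source, log at a bounded rate, then drop"
    if enabled portscan; then emit "iptables -A INPUT -p tcp --syn -m recent --name portscan --set"; fi
    emit "iptables -A INPUT -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix \"$LOG_PREFIX\" --log-level 4"
    emit "iptables -A INPUT -j DROP"
}

# Emit the whole ruleset. The INPUT policy stays ACCEPT and the final explicit DROP does
# the filtering, so 'iptables -F INPUT' from a console restores access after a mistake.
gen_rules() {
    emit "#!/bin/sh"
    emit "iptables -F INPUT"
    gen_base
    for p in invalid bogon portscan icmp syn udp connlimit; do
        if enabled "$p"; then "gen_$p"; fi
    done
    gen_services
    gen_tail
}

# Number of iptables commands the ruleset would install (sanity check before applying).
count_rules() { gen_rules | grep -c '^iptables'; }

if [ "${1:-}" = "--count" ]; then count_rules; else gen_rules; fi
```

Run it as `PROTECTIONS="syn udp invalid" OPEN_TCP_PORTS="443" sh gen-rules.sh > rules.sh`, read rules.sh, and only then apply it as root. The `recent --set` rule sits after the service ACCEPTs on purpose: only SYNs to ports the host does not serve mark a source as scanning, so normal clients never enter the portscan list.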

Best Practices

Always enable connection tracking (conntrack), accept established connections first for performance, and log dropped packets to detect attacks early. Use Flowtriq for real-time monitoring.
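Logging dropped packets is only useful if something reads the log. The following added shell script (example code for this page, not Flowtriq's agent) parses kernel log lines written by an iptables LOG rule, counts packets and distinct destination ports per source address, and labels busy sources as a flood (few ports, many packets) or a scan (many ports). The sample log lines, the IPT-DROP prefix and the thresholds are constructed for the example.

```shell
#!/bin/sh
# Added example: triage iptables LOG output (e.g. from journalctl -k or /var/log/kern.log)
# so dropped-packet logs surface attacks early. Prefix and thresholds are assumptions.

LOG_PREFIX="${LOG_PREFIX:-IPT-DROP}"

# Constructed sample of kernel log lines in iptables LOG format (not real traffic).
sample_log() {
    cat <<'EOF'
Mar 12 10:14:01 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51234 DPT=22 SYN
Mar 12 10:14:01 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51235 DPT=23 SYN
Mar 12 10:14:01 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51236 DPT=25 SYN
Mar 12 10:14:02 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51237 DPT=80 SYN
Mar 12 10:14:02 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51238 DPT=443 SYN
Mar 12 10:14:02 edge kernel: IPT-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=54 PROTO=TCP SPT=51239 DPT=8080 SYN
Mar 12 10:14:03 edge kernel: IPT-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.7 LEN=1400 TTL=60 PROTO=UDP SPT=53 DPT=53 LEN=1380
Mar 12 10:14:03 edge kernel: IPT-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.7 LEN=1400 TTL=60 PROTO=UDP SPT=53 DPT=53 LEN=1380
Mar 12 10:14:03 edge kernel: IPT-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.7 LEN=1400 TTL=60 PROTO=UDP SPT=53 DPT=53 LEN=1380
Mar 12 10:14:04 edge kernel: IPT-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.7 LEN=1400 TTL=60 PROTO=UDP SPT=53 DPT=53 LEN=1380
Mar 12 10:14:05 edge kernel: IPT-DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.7 LEN=40 TTL=51 PROTO=TCP SPT=40000 DPT=3389 SYN
Mar 12 10:14:05 edge sshd[812]: Accepted publickey for ops from 192.0.2.10 port 52100 ssh2
EOF
}

# summarize: stdin = log lines; stdout = "src packets distinct_dports", busiest source first.
# Lines without the LOG prefix (other kernel or daemon messages) are ignored.
summarize() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) == 0 { next }
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next
            pkts[src]++
            if (dpt != "" && !((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
        }
        END { for (s in pkts) printf "%s %d %d\n", s, pkts[s], ports[s] + 0 }
    ' | sort -k2,2nr
}

# classify <packet_threshold> <port_threshold>: sources with at least packet_threshold
# drops are reported as "scan" (port_threshold or more distinct ports) or "flood".
classify() {
    summarize | awk -v pk="$1" -v pt="$2" '$2 >= pk { print $1, ($3 >= pt ? "scan" : "flood") }'
}

if [ $# -ge 1 ]; then
    classify "${2:-100}" "${3:-10}" < "$1"   # real log file, thresholds as 2nd and 3rd args
else
    sample_log | classify 3 5                 # demo on the constructed sample
fi
```

On the sample the script reports 203.0.113.5 as a scan (six drops across six ports) and 198.51.100.9 as a flood (four drops, one port), while the single probe from 192.0.2.77 stays below the packet threshold. The prefix filter matters: the LOG rule in your ruleset must use the same `--log-prefix` the parser expects, and the LOG rule itself should be rate limited so the flood cannot turn into a disk-filling log flood.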
