Linux Firmware
connection limit
These rules cap the number of concurrent TCP connections per client and rate-limit forwarded UDP, which is meant to blunt traffic from viruses, worms, P2P, DDoS, floods and similar attacks.
# "-I" inserts at the top of FORWARD, so the last command here is checked first; connlimit counts concurrent TCP connections per source IP (default mask /32)
iptables -I FORWARD -p tcp --dport 80 -m connlimit --connlimit-above 1024 -j REJECT
# "! --dport 80" keeps this general cap from also applying to port 80, which would otherwise leave the 1024 rule unreachable
iptables -I FORWARD -p tcp ! --dport 80 -m connlimit --connlimit-above 64 -j REJECT
# "limit" is a token bucket (default --limit-burst 5); packets above the rate do not match and continue down FORWARD, so they are only blocked if a later rule drops them
iptables -I FORWARD -p udp --dport 53 -m limit --limit 256/sec -j ACCEPT
iptables -I FORWARD -p udp -m limit --limit 8/sec -j ACCEPT
Be careful with the UDP limits: if they make your browsing slow (DNS lookups are UDP), try increasing the limit.
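As an added example (not from the original page), this Python model of the `limit` match shows what happens to forwarded UDP packets that exceed `--limit 8/sec`: the rule ACCEPTs only what fits in the token bucket, and everything above the rate falls through to the rest of the FORWARD chain (here the chain policy, assumed ACCEPT) unless a later rule drops it. The token bucket, chain evaluator and packet sample are simplified constructs, not iptables' own code.

```python
from collections import Counter

class Limit:
    """Simplified model of iptables -m limit: a token bucket that refills
    at `rate` tokens per second and holds at most `burst` (default 5)."""
    def __init__(self, rate, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def match(self, t):
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def run_chain(rules, packets, policy="ACCEPT"):
    """First matching rule decides; unmatched packets get the chain policy."""
    verdicts = Counter()
    for pkt in packets:
        for match, target in rules:
            if match(pkt):
                verdicts[target] += 1
                break
        else:
            verdicts[policy + " (policy)"] += 1
    return dict(verdicts)

# Constructed sample: one client sends 100 forwarded UDP packets in 100 ms
# (1000 pkt/s), far above --limit 8/sec.
UDP_FLOOD = [{"proto": "udp", "dport": 12345, "t": i / 1000.0} for i in range(100)]

def limit_only():
    """The page's rule on its own: over-limit packets fall through to the policy."""
    udp8 = Limit(8)
    rules = [(lambda p: p["proto"] == "udp" and udp8.match(p["t"]), "ACCEPT")]
    return run_chain(rules, UDP_FLOOD)

def limit_then_drop():
    """Same rule followed by a UDP DROP rule: the limit is now enforced."""
    udp8 = Limit(8)
    rules = [(lambda p: p["proto"] == "udp" and udp8.match(p["t"]), "ACCEPT"),
             (lambda p: p["proto"] == "udp", "DROP")]
    return run_chain(rules, UDP_FLOOD)

if __name__ == "__main__":
    print(limit_only())       # {'ACCEPT': 5, 'ACCEPT (policy)': 95}
    print(limit_then_drop())  # {'ACCEPT': 5, 'DROP': 95}
```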
refs:
- http://web.archive.org/web/20080804011108/http://sancairodicopenhagen.com/joe/iptables_rate_limit_module
- http://www.debian-administration.org/users/nasser/weblog/2
dnsmasq
# size of the local answer cache (dnsmasq default is 150 entries)
cache-size=2048
# do not cache negative (NXDOMAIN) answers
no-negcache
# never forward plain hostnames without a dot upstream
domain-needed
# ignore /etc/resolv.conf and do not watch it for changes; use only the server= lines below
no-resolv
no-poll
server=208.67.222.222
server=208.67.220.220
server=208.67.222.220
server=208.67.220.222
# Replies that resolve to these addresses are rewritten to NXDOMAIN: they are the "search/help" pages
# some ISPs and public resolvers return for non-existent domains instead of a real error.
# list source: http://winware.org/bogus-domains.txt
# notes are kept on their own lines: dnsmasq treats a line as a comment only when it starts with #
# telkom speedy indonesia
bogus-nxdomain=92.242.132.11
# verisign
bogus-nxdomain=64.94.110.11
# dnsadvantage search?
bogus-nxdomain=92.242.144.2
# nortondns google search
bogus-nxdomain=198.153.192.3
bogus-nxdomain=198.153.194.3
# opendns guides
bogus-nxdomain=67.215.65.132
# dyn
bogus-nxdomain=216.146.36.36
# opendns blocked pages (disabled)
#bogus-nxdomain=208.67.219.135
# query all upstream servers in parallel and use the first reply
all-servers
# DHCP option 6 (DNS servers) handed to clients: OpenDNS, this router (0.0.0.0 = dnsmasq's own address), 4.2.2.2
dhcp-option=6,208.67.222.222,0.0.0.0,4.2.2.2