Linux Firmware

connection limit

this should limit all tcp+udp connections, including virus/worm/p2p/ddos/flood/attack/etc

# each -I inserts at the top of FORWARD, so these rules are evaluated bottom to top
# connlimit counts parallel connections per source address
iptables -I FORWARD -p tcp --dport 80 -m connlimit --connlimit-above 1024 -j REJECT
iptables -I FORWARD -p tcp -m connlimit --connlimit-above 64 -j REJECT
iptables -I FORWARD -p udp --dport 53 -m limit --limit 256/sec -j ACCEPT
iptables -I FORWARD -p udp -m limit --limit 8/sec -j ACCEPT

careful with udp limits. if they make your browsing slow, try increasing the limit.
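The model below is an added example, not part of the original page: it treats the two udp rules above as token buckets (a simplified picture of the limit match, with the default --limit-burst of 5) in the order they are evaluated after two -I inserts, and counts what a constructed one-second burst does. The rule names, the port-5000 traffic and the function names are made up for the illustration; packets that "fell through" go on to whatever FORWARD rules follow, which the page does not show.

```python
"""Simplified model of the page's two UDP '-m limit' rules (added example)."""

class LimitRule:
    """'-p udp [--dport N] -m limit --limit R/sec -j ACCEPT' as a token bucket."""
    def __init__(self, name, per_sec, dport=None, burst=5):  # default --limit-burst is 5
        self.name, self.per_sec, self.dport = name, per_sec, dport
        self.cap = burst * 1000            # credit kept in 1/1000 token, integers only
        self.credit, self.last_ms = self.cap, 0

    def matches(self, now_ms, dport):
        if self.dport is not None and dport != self.dport:
            return False
        # refill per_sec tokens per second, never above the burst size
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms) * self.per_sec)
        self.last_ms = now_ms
        if self.credit < 1000:
            return False                   # over the limit: the rule does not match
        self.credit -= 1000
        return True

def build_chain():
    typed = [LimitRule("udp dport 53, 256/sec", 256, dport=53),
             LimitRule("udp any port, 8/sec", 8)]
    return list(reversed(typed))           # each -I inserts at position 1

def sample_traffic():
    """Constructed input: 1 s of 100 DNS packets and 100 packets to UDP port 5000."""
    dns = [(t, 53) for t in range(0, 1000, 10)]
    other = [(t, 5000) for t in range(5, 1000, 10)]
    return sorted(dns + other)

def simulate(chain, packets):
    """First matching rule accepts; unmatched packets go on to later FORWARD rules."""
    counts = {rule.name: 0 for rule in chain}
    counts["fell through"] = 0
    for now_ms, dport in packets:
        for rule in chain:
            if rule.matches(now_ms, dport):
                counts[rule.name] += 1
                break
        else:
            counts["fell through"] += 1
    return counts

if __name__ == "__main__":
    for name, n in simulate(build_chain(), sample_traffic()).items():
        print(f"{n:4d}  {name}")
```

With this traffic the generic 8/sec rule accepts 12 packets in total, six of them DNS, so DNS lookups and all other udp draw from the same small bucket before the port-53 rule is even consulted.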

refs:

dnsmasq

cache-size=2048
no-negcache
domain-needed

no-resolv
no-poll
server=208.67.222.222
server=208.67.220.220
server=208.67.222.220
server=208.67.220.222

#http://winware.org/bogus-domains.txt
bogus-nxdomain=92.242.132.11 #telkom speedy indonesia
bogus-nxdomain=64.94.110.11 #verisign
bogus-nxdomain=92.242.144.2 #dnsadvantage search?
bogus-nxdomain=198.153.192.3 #nortondns google search
bogus-nxdomain=198.153.194.3 #nortondns google search
bogus-nxdomain=67.215.65.132 #opendns guides
bogus-nxdomain=216.146.36.36 #dyn
#bogus-nxdomain=208.67.219.135 #opendns blocked pages

all-servers
dhcp-option=6,208.67.222.222,0.0.0.0,4.2.2.2

http://www.linksysinfo.org/forums/showthread.php?t=54916
