[tor-relays] DDOS mitigation with nftables
Ralph Seichter
ralph at ml.seichter.de
Tue Oct 22 20:59:20 UTC 2024
* Top:

> The script failed on my server, complaining that the `iptables` command
> couldn't be found (and no rules had been applied).

You provided too little information to offer detailed advice. Best not
to interpret error messages if you can post actual logs instead.
Generally speaking, your problems might be related to your PATH variable
content during script execution. You also may find [1] generally useful.

[1] https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

> So how can I apply proper DDOS protection firewall rules whilst using
> `nftables`? Is there some easy way to modify the script to make it
> work?

The question of difficulty depends on your personal knowledge and
skills. Based on your own assessment, meddling with Kernel routing
tables might be beyond your current level of experience. You can
sabotage your server's operation and lock yourself out, so I urge you to
get comfortable with the whole subject in a test environment with backup
console access, before taking on a remote production server.

-Ralph