Use the following iptables command to rate limit connections per IP. This is useful for preventing a DDoS attack on DNS servers. However, for real DDoS protection of your DNS servers, you should be hosting DNS with the big cloud providers like Cloudflare, or running dnsdist in front of your authoritative servers.
iptables -A INPUT -p udp -s 0.0.0.0/0 --dport 53 -m limit --limit 50/minute --limit-burst 250 -j ACCEPT
- -s 0.0.0.0/0 – Source address in CIDR notation. This matches traffic coming from ALL IPs.
- --limit 50/minute – limits the number of connections per IP to 50 a minute.
- --limit-burst 250 – the burst size: this many packets can be matched in quick succession before the 50/minute limit is enforced.
- --dport 53 – Destination port. In this case, UDP port 53 (DNS).
- -p udp – Protocol. In this case, UDP.
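As an added example (not part of the original post), here is a small POSIX shell script that installs the rule above from a dedicated chain and pairs it with the DROP rule the limit needs to actually discard excess queries; the chain name DNS_LIMIT and the print-only default are my own choices, not something from the post.

```shell
#!/bin/sh
# Added example: DNS rate limit as an idempotent rule set.
# By default IPT only prints the commands; run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# Usage: dns_rate_limit <rate> <burst>, e.g. dns_rate_limit 50/minute 250
dns_rate_limit() {
    rate="$1"
    burst="$2"

    # Dedicated chain: create it (no-op if it exists), then start from empty.
    $IPT -N DNS_LIMIT 2>/dev/null || true
    $IPT -F DNS_LIMIT

    # Accept DNS queries while the limit module still has tokens:
    # a bucket of <burst> packets, refilled at <rate>. (-s 0.0.0.0/0 is implied.)
    # Note: -m limit keeps one shared bucket for all matching packets; a
    # per-source limit would use -m hashlimit --hashlimit-mode srcip instead.
    $IPT -A DNS_LIMIT -p udp --dport 53 -m limit --limit "$rate" --limit-burst "$burst" -j ACCEPT

    # Everything over the limit is dropped here, instead of falling through to
    # whatever the INPUT policy happens to be (often ACCEPT, which would make
    # the limit rule a no-op).
    $IPT -A DNS_LIMIT -p udp --dport 53 -j DROP

    # Route inbound UDP/53 through the chain exactly once: remove any earlier
    # jump, then insert it at the top of INPUT.
    $IPT -D INPUT -p udp --dport 53 -j DNS_LIMIT 2>/dev/null || true
    $IPT -I INPUT -p udp --dport 53 -j DNS_LIMIT
}

# The values from the post: 50 packets/minute with a burst of 250.
dns_rate_limit 50/minute 250
```

With the default IPT the script prints the six iptables commands it would run, which is a convenient way to review the rule set before applying it.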