Update

iptables/README.md

@@ -14,20 +14,20 @@ The `ratelimit.rules` file adds new chains to rate limit subnets.
 sudo iptables-restore -n < ratelimit.rules
 
 # Common offenders
-sudo iptables -t raw -A RATELIMIT_SUBNET -s 185.0.0.0/8 -j RATELIMIT_SUBNET_DEFAULT
-sudo iptables -t raw -A RATELIMIT_SUBNET -s 45.0.0.0/8 -j RATELIMIT_SUBNET_DEFAULT
-sudo iptables -t raw -A RATELIMIT_SUBNET -s 193.0.0.0/8 -j RATELIMIT_SUBNET_DEFAULT
+sudo iptables -t raw -A RATELIMIT_SUBNET -s 185.0.0.0/8 -j RATELIMIT_DEFAULT
+sudo iptables -t raw -A RATELIMIT_SUBNET -s 45.0.0.0/8 -j RATELIMIT_DEFAULT
+sudo iptables -t raw -A RATELIMIT_SUBNET -s 193.0.0.0/8 -j RATELIMIT_DEFAULT
 
 # Default action
-sudo iptables -t raw -A RATELIMIT_SUBNET_DEFAULT -p tcp --tcp-flags SYN,ACK SYN \
+sudo iptables -t raw -A RATELIMIT_DEFAULT -p tcp --tcp-flags SYN,ACK SYN \
  -m hashlimit --hashlimit-name drop_4h \
  --hashlimit-above 4/hour --hashlimit-burst 2 \
  --hashlimit-mode srcip,dstport --hashlimit-srcmask 16 -j DROP
 
 # Log potential offenders
 sudo iptables -t raw -A RATELIMIT_REPORT -p tcp --tcp-flags SYN,ACK SYN \
- -m hashlimit --hashlimit-name log_1s_burst4_net16 \
+ -m hashlimit --hashlimit-name report1 \
  --hashlimit-above 1/second --hashlimit-burst 4 \
  --hashlimit-mode srcip,dstport --hashlimit-srcmask 16 -j LOG \
- --log-level 5 --log-prefix "ratelimit above 1/second burst 4 srcmask 16 "
+ --log-level 5 --log-prefix "ratelimit report1 "
 ```

iptables/ratelimit.rules

@@ -2,7 +2,7 @@
 :RATELIMIT -
 :RATELIMIT_REPORT -
 :RATELIMIT_SUBNET -
-:RATELIMIT_SUBNET_DEFAULT -
+:RATELIMIT_DEFAULT -
 
 -I PREROUTING -j RATELIMIT