Hi,
I want to show you my anti DDoS solution for my relays (aswell ;-). It works without ipset, but with a mix of the recent and hashlimit iptables modules.
What is does: * If one IP address tries to make 7 SYN connection attempts per second, they are locked out for 300 seconds. If they try another connection in that timeframe, the timer is reset and they are locked out for another 300 seconds. * Threre are no more SYNs allowed if 4 connections are already in use to the ORPort.
It works *very* well for me. Other solutons are far more aggressive but I feel my solution works perfectly against the attacks, even if they are not that aggresive.
On top of that, I feel its more easy to implement into ones existing firewall solution.
You can find the repo here: https://github.com/steinex/tor-ddos
Feel free to give it a shot and feedback would be much appreciated!
Greetings, steinex
tor-relays@lists.torproject.org