0

So I need to block all packets to port 2001 in order to stop Chargen amplified floods on my server. Chargen amplified floods hit port 2001. This is what I have tried, but when I look in IPTraf, I still see packets coming in on port 2001:

iptables -A INPUT -p tcp --dport 2001 -j DROP
iptables -A INPUT -p udp --dport 2001 -j DROP

Please help!

4

1 Answer

3

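iptables cannot stop packets from arriving over the network; it only prevents further processing of them. It is therefore completely normal to see unwanted traffic in packet dumps and similar tools.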

Answered 2013-06-27T20:11:33.350
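An added example, not part of the original question or answer: since a capture tool such as IPTraf shows packets before the INPUT chain discards them, the DROP rules' own packet counters are the place to confirm the flood is being dropped. The two snapshots are constructed sample output of `iptables -L INPUT -v -n -x`, and the function names `dropped_pkts` and `drop_delta` are hypothetical.

```shell
#!/bin/sh
# Constructed sample data: two snapshots of `iptables -L INPUT -v -n -x`
# taken a few seconds apart while the flood is running.
SNAP1='Chain INPUT (policy ACCEPT 9120 packets, 1203344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     310    24800 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      12      720 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2001
   48210 49174200 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2001'
SNAP2='Chain INPUT (policy ACCEPT 9131 packets, 1204100 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     318    25440 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      12      720 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2001
   61975 63214500 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2001'

# Sum the packet counters of every DROP rule that matches destination
# port $1 in a listing read from stdin. Columns: pkts bytes target prot
# opt in out source destination, then the match options (dpt:PORT).
dropped_pkts() {
    awk -v port="$1" '
        $3 == "DROP" {
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port)) { sum += $1; break }
        }
        END { print sum + 0 }'
}

# Packets dropped for port $1 between listing $2 (before) and $3 (after).
drop_delta() {
    before=$(printf '%s\n' "$2" | dropped_pkts "$1")
    after=$(printf '%s\n' "$3" | dropped_pkts "$1")
    echo $((after - before))
}

# A growing delta means the rules are discarding the flood, even though a
# capture tool such as IPTraf still displays the packets arriving.
echo "port 2001: $(drop_delta 2001 "$SNAP1" "$SNAP2") packets dropped between snapshots"
# Live use (as root): iptables -L INPUT -v -n -x | dropped_pkts 2001
```

If the counters stay at zero while the capture tool shows traffic, the rules are not matching, for example because an earlier rule in the chain accepts the packets first.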